diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 941fa7d3b9f..9c76101ba80 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -41,10 +41,16 @@ jobs: "tests/notifications_test.py", "tests/tool_config.py", "openapi-validatator", - ] os: [alpine, debian] + v3_feature_locations: [true, false] + exclude: + # standalone create endpoint page is gone in v3 + - v3_feature_locations: true + test-case: "tests/endpoint_test.py" fail-fast: false + env: + DD_V3_FEATURE_LOCATIONS: ${{ matrix.v3_feature_locations }} steps: - name: Checkout diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index cbcfb01c1e8..50a1442a4d2 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -6,12 +6,14 @@ on: platform: type: string default: "linux/amd64" + v3_feature_locations: + type: boolean + default: false jobs: unit_tests: name: Rest Framework Unit Tests runs-on: ${{ inputs.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }} - strategy: matrix: os: [alpine, debian] @@ -53,10 +55,11 @@ jobs: # no celery or initializer needed for unit tests - name: Unit tests - timeout-minutes: 20 + timeout-minutes: 25 run: docker compose up --no-deps --exit-code-from uwsgi uwsgi env: DJANGO_VERSION: ${{ matrix.os }} + DD_V3_FEATURE_LOCATIONS: ${{ inputs.v3_feature_locations }} - name: Logs if: failure() diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index e16990520df..2e36654cf4c 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -23,14 +23,16 @@ jobs: test-rest-framework: strategy: - matrix: - platform: ['linux/amd64', 'linux/arm64'] - fail-fast: false + matrix: + platform: ['linux/amd64', 'linux/arm64'] + v3_feature_locations: [ false, true ] + fail-fast: false needs: build-docker-containers uses: ./.github/workflows/rest-framework-tests.yml secrets: inherit with: - platform: ${{ matrix.platform}} + platform: ${{ matrix.platform }} + v3_feature_locations: ${{ matrix.v3_feature_locations }} # only run integration tests for linux/amd64 (default) test-user-interface: diff --git a/docker-compose.override.integration_tests.yml b/docker-compose.override.integration_tests.yml index 8d6efe954f7..24d522f73a0 100644 --- a/docker-compose.override.integration_tests.yml +++ b/docker-compose.override.integration_tests.yml @@ -36,6 +36,7 @@ services: DD_SECURE_CROSS_ORIGIN_OPENER_POLICY: 'None' DD_SECRET_KEY: "${DD_SECRET_KEY:-.}" DD_EMAIL_URL: "smtp://mailhog:1025" + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} celerybeat: environment: DD_DATABASE_URL: ${DD_TEST_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo} @@ -43,6 +44,7 @@ services: entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-celery-worker-dev.sh'] environment: DD_DATABASE_URL: ${DD_TEST_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo} + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} initializer: environment: PYTHONWARNINGS: error # We are strict about Warnings during testing diff --git a/docker-compose.override.unit_tests_cicd.yml b/docker-compose.override.unit_tests_cicd.yml index 1151d43600a..ee52511b0ec 100644 --- a/docker-compose.override.unit_tests_cicd.yml +++ b/docker-compose.override.unit_tests_cicd.yml @@ -28,6 +28,7 @@ services: DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite' DD_CELERY_BROKER_PARAMS: '' DD_JIRA_EXTRA_ISSUE_TYPES: 'Vulnerability' # Shouldn't trigger a migration error + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} celerybeat: !reset celeryworker: !reset initializer: !reset diff --git a/dojo/api_helpers/__init__.py b/dojo/api_helpers/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/api_helpers/filters.py b/dojo/api_helpers/filters.py new file mode 100644 index 00000000000..6e2c0417327 --- /dev/null +++ b/dojo/api_helpers/filters.py @@ -0,0 +1,283 @@ +from __future__ import annotations + +from datetime import datetime, timedelta +from typing import TYPE_CHECKING + +from django.utils import timezone +from django_filters import ( + BaseInFilter, + BooleanFilter, + CharFilter, + DateTimeFromToRangeFilter, + FilterSet, + MultipleChoiceFilter, + NumberFilter, + OrderingFilter, +) + +if TYPE_CHECKING: + from collections.abc import Iterable + + +# https://django-filter.readthedocs.io/en/stable/ref/filters.html#baseinfilter +class NumberInFilter(BaseInFilter, NumberFilter): + + """Support for searches like `id__in`.""" + + +# https://django-filter.readthedocs.io/en/stable/ref/filters.html#baseinfilter +class CharFieldInFilter(BaseInFilter, CharFilter): + + """Support for searches like `id__in`.""" + + def filter(self, qs, value): + if not value: + return qs + if isinstance(value, str): + value = [v.strip() for v in value.split(",") if v.strip()] + return super().filter(qs, value) + + +class StaticMethodFilters(FilterSet): + + """Static methods to make setting new filters easier.""" + + @staticmethod + def set_class_variables(context: dict, class_vars: dict) -> None: + """Set the contents of `class_vars` into the supplied context.""" + context.update(class_vars) + + @staticmethod + def create_char_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """ + Create all the filters needed for a CharFilter. + + - Exact Match + - Not Exact Match + - Contains + - Not Contains + - Starts with + - Ends with + """ + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_exact": CharFilter( + field_name=field_name, + lookup_expr="iexact", + help_text=f"{help_text_header}: Exact Match", + ), + f"{field_name}_not_exact": CharFilter( + field_name=field_name, + lookup_expr="iexact", + help_text=f"{help_text_header}: Not Exact Match", + exclude=True, + ), + f"{field_name}_contains": CharFilter( + field_name=field_name, + lookup_expr="icontains", + help_text=f"{help_text_header}: Contains", + ), + f"{field_name}_not_contains": CharFilter( + field_name=field_name, + lookup_expr="icontains", + help_text=f"{help_text_header}: Not Contains", + exclude=True, + ), + f"{field_name}_starts_with": CharFilter( + field_name=field_name, + lookup_expr="istartswith", + help_text=f"{help_text_header}: Starts With", + ), + f"{field_name}_ends_with": CharFilter( + field_name=field_name, + lookup_expr="iendswith", + help_text=f"{help_text_header}: Ends With", + ), + f"{field_name}_includes": CharFieldInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Included in List", + ), + f"{field_name}_not_includes": CharFieldInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Not Included in List", + exclude=True, + ), + }, + ) + + @staticmethod + def create_integer_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """ + Create all the filters needed for an IntegerFilter. + + - Exact Match + - Not Exact Match + - Greater Than or Equal to + - Less Than or Equal to + - ID included in the list + - ID Not included in the list + """ + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_equals": NumberFilter( + field_name=field_name, + lookup_expr="exact", + help_text=f"{help_text_header}: Equals", + ), + f"{field_name}_not_equals": NumberFilter( + field_name=field_name, + lookup_expr="exact", + help_text=f"{help_text_header}: Not Equals", + exclude=True, + ), + f"{field_name}_greater_than_or_equal_to": NumberFilter( + field_name=field_name, + lookup_expr="gte", + help_text=f"{help_text_header}: Greater Than or Equal To", + ), + f"{field_name}_less_than_or_equal_to": NumberFilter( + field_name=field_name, + lookup_expr="lte", + help_text=f"{help_text_header}: Less Than or Equal To", + ), + f"{field_name}_includes": NumberInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Included in List", + ), + f"{field_name}_not_includes": NumberInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Not Included in List", + exclude=True, + ), + }, + ) + + @staticmethod + def create_choice_filters( + field_name: str, + help_text_header: str, + choices: list[tuple[str]], + context: dict, + ) -> None: + """Create a filter for requiring a single choice.""" + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_equals": MultipleChoiceFilter( + field_name=field_name, + choices=choices, + help_text=f"{help_text_header}: Choice Filter", + ), + }, + ) + + @staticmethod + def create_datetime_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """Create a filter for setting datetime filters.""" + return StaticMethodFilters.set_class_variables( + context, + { + field_name: DateTimeFromToRangeFilter( + field_name=field_name, + help_text=f"{help_text_header}: DateTime Range Filter", + ), + }, + ) + + @staticmethod + def create_boolean_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """Create a filter for boolean filters.""" + return StaticMethodFilters.set_class_variables( + context, + { + field_name: BooleanFilter( + field_name=field_name, + help_text=f"{help_text_header}: True/False", + ), + }, + ) + + @staticmethod + def create_ordering_filters( + context: dict, + field_names: Iterable[str], + ) -> None: + """Create an ordering filter for all fields in the dict.""" + return StaticMethodFilters.set_class_variables( + context, + {"ordering": OrderingFilter(fields=[(field_name, field_name) for field_name in field_names])}, + ) + + +class CommonFilters(StaticMethodFilters): + + """Helpers for FilterSets to reduce copy/past code.""" + + StaticMethodFilters.create_integer_filters("id", "ID", locals()) + StaticMethodFilters.create_datetime_filters("created_at", "Created At", locals()) + StaticMethodFilters.create_datetime_filters("updated_at", "Updated At", locals()) + + +def filter_timestamp(queryset, name, value): + try: + date = datetime.strptime(value, "%Y-%m-%d") + except ValueError: + return queryset + + start_datetime = timezone.make_aware(datetime.combine(date, datetime.min.time())) + end_datetime = timezone.make_aware(datetime.combine(date + timedelta(days=1), datetime.min.time())) + + return queryset.filter(**{f"{name}__gte": start_datetime, f"{name}__lt": end_datetime}) + + +def csv_filter(queryset, name, value): + return queryset.filter(**{f"{name}__in": value.split(",")}) + + +class CustomOrderingFilter(OrderingFilter): + def __init__(self, *args, **kwargs): + self.reverse_fields = kwargs.pop("reverse_fields", []) + super().__init__(*args, **kwargs) + + def filter(self, qs, value): + if value in {None, ""}: + return qs + + ordering = [] + + for param in value: + stripped_param = param.strip() + raw_field = stripped_param.lstrip("-") + reverse = raw_field in self.reverse_fields + + if reverse: + if stripped_param.startswith("-"): + ordering.append(raw_field) + else: + ordering.append(f"-{raw_field}") + else: + ordering.append(stripped_param) + + return qs.order_by(*ordering) diff --git a/dojo/api_helpers/serializers.py b/dojo/api_helpers/serializers.py new file mode 100644 index 00000000000..f486d90303f --- /dev/null +++ b/dojo/api_helpers/serializers.py @@ -0,0 +1,81 @@ +from __future__ import annotations + +from typing import TYPE_CHECKING + +from rest_framework.exceptions import ValidationError +from rest_framework.serializers import ( + ModelSerializer, + Serializer, +) + +if TYPE_CHECKING: + from collections import OrderedDict + + from django.db.models import Model + + from dojo.base_models.base import T + + +class SnubSerializer(Serializer): + pass + + +class BaseModelSerializer(ModelSerializer): + + """Base serializer for all models.""" + + def get_request_method(self) -> str: + """Return the method of the request.""" + return self.context.get("request").method + + def remove_internal_fields(self, fields: dict) -> None: + """Remove a list of internally defined fields that should never be exposed to the user.""" + # Fetch the list of fields from the serializer + internal_fields = getattr(self, "internal_fields", []) + # Remove them from the field dict + for field in internal_fields: + fields.pop(field, None) + + def get_fields(self) -> OrderedDict: + """Exclude all internal fields by default.""" + fields = super().get_fields() + # Remove the internal fields + self.remove_internal_fields(fields) + + return fields + + def process_nested_serializer( + self, + serializer_class: type[BaseModelSerializer], + object_data: dict | None, + instance: Model | None, + ) -> T | None: + """Process nested serializers in a generic way.""" + # Short circuit if given incorrect data + if object_data is None or object_data == {}: + return None + # Check the method is an expected value + method = self.get_request_method() + if method not in {"POST", "PATCH", "PUT"}: + msg = "The `method` method must be one of `POST`, `PATCH`, or `PUT`..." + raise ValidationError(msg) + # Check the method has what it needs + if instance is None and method in {"PATCH", "PUT"}: + msg = "When using the `PUT` or `PATCH` method, you must also supply the instance to update..." + raise ValidationError(msg) + # Initialize the serializer class + unsaved_object = serializer_class(data=object_data, partial=(method == "PATCH")) + # Validate the object with the serializer class + if not unsaved_object.is_valid(): + raise ValidationError(unsaved_object.errors) + # Determine the args to pass based on the method to call + object_instance = None + if method == "POST": + object_instance = unsaved_object.create(validated_data=unsaved_object.validated_data) + elif method in {"PATCH", "PUT"}: + object_instance = unsaved_object.update( + instance=instance, + validated_data=unsaved_object.validated_data, + ) + + return object_instance diff --git a/dojo/api_v2/permissions.py b/dojo/api_v2/permissions.py index 905ddf99b58..bedcd97603c 100644 --- a/dojo/api_v2/permissions.py +++ b/dojo/api_v2/permissions.py @@ -1,5 +1,6 @@ import re +from django.conf import settings from django.db.models import Model from django.shortcuts import get_object_or_404 from rest_framework import permissions, serializers @@ -18,6 +19,7 @@ ) from dojo.authorization.roles_permissions import Permissions from dojo.importers.auto_create_context import AutoCreateContextManager +from dojo.location.models import Location from dojo.models import ( Cred_Mapping, Dojo_Group, @@ -177,13 +179,26 @@ def has_permission(self, request, view): request.user, obj, Permissions.Finding_Edit, ) ) + location_id = request.data.get("location", None) + if location_id: + obj = get_object_or_404(Location, pk=location_id) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, obj, Permissions.Location_Edit, + ) + ) + # TODO: Delete this after the move to Locations endpoint_id = request.data.get("endpoint", None) if endpoint_id: - obj = get_object_or_404(Endpoint, pk=endpoint_id) + if settings.V3_FEATURE_LOCATIONS: + obj = get_object_or_404(Location, pk=endpoint_id) + else: + obj = get_object_or_404(Endpoint, pk=endpoint_id) has_permission_result = ( has_permission_result and user_has_permission( - request.user, obj, Permissions.Endpoint_Edit, + request.user, obj, Permissions.Location_Edit, ) ) return has_permission_result @@ -215,6 +230,19 @@ def has_object_permission(self, request, view, obj): Permissions.Finding_Edit, ) ) + location = obj.location + if location: + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + location, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, + ) + ) + # TODO: Delete this after the move to Locations endpoint = obj.endpoint if endpoint: has_permission_result = ( @@ -222,9 +250,9 @@ def has_object_permission(self, request, view, obj): and check_object_permission( request, endpoint, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, ) ) return has_permission_result @@ -246,35 +274,37 @@ def has_object_permission(self, request, view, obj): ) +# TODO: Delete this after the move to Locations class UserHasEndpointPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( - request, Product, "product", Permissions.Endpoint_Add, + request, Product, "product", Permissions.Location_Add, ) def has_object_permission(self, request, view, obj): return check_object_permission( request, obj, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, ) +# TODO: Delete this after the move to Locations class UserHasEndpointStatusPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( - request, Endpoint, "endpoint", Permissions.Endpoint_Edit, + request, Endpoint, "endpoint", Permissions.Location_Edit, ) def has_object_permission(self, request, view, obj): return check_object_permission( request, obj.endpoint, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, ) diff --git a/dojo/api_v2/prefetch/prefetcher.py b/dojo/api_v2/prefetch/prefetcher.py index 1c45e309dce..6d290b6b06b 100644 --- a/dojo/api_v2/prefetch/prefetcher.py +++ b/dojo/api_v2/prefetch/prefetcher.py @@ -1,11 +1,13 @@ import inspect import sys +from django.conf import settings from rest_framework.serializers import ModelSerializer -from dojo.models import FileUpload - -from . import utils +from dojo.api_v2.prefetch import utils +from dojo.location.api.serializers import LocationFindingReferenceSerializer, LocationSerializer +from dojo.location.models import Location, LocationFindingReference +from dojo.models import FileUpload, Finding # Reduce the scope of search for serializers. SERIALIZER_DEFS_MODULE = "dojo.api_v2.serializers" @@ -64,6 +66,10 @@ def _find_serializer(self, field_type): rest_framework.serializers.ModelSerializer: The serializer if one has been found or None """ + # Check overrides first + if serializer := self.serializer_overrides(field_type): + return serializer + # If the type is represented in the map then return the serializer if field_type in self._serializers: return self._serializers[field_type] @@ -75,6 +81,52 @@ def _find_serializer(self, field_type): parent_class = field_type.__mro__[1] return self._find_serializer(parent_class) + def get_field_value_override(self, model_instance, field_name): + """ + Allows us to override the default field value lookup functionality, e.g. for when we are migrating to new models + while keeping the old names for API compatibility. + + :param model_instance: the model instance + :param field_name: the name of the field we're getting a value for + :return: a tuple of (the value of the field, whether the field is 'many'), or None if no override exists + """ + if settings.V3_FEATURE_LOCATIONS: + if isinstance(model_instance, Finding) and field_name == "endpoints": + return model_instance.locations, True + return None + + def get_field_value(self, model_instance, field_name): + """ + Returns the value of the given field from the model instance and whether the serializer used should treat the + value as many. + + :param model_instance: the model instance + :param field_name: the name of the field we're getting a value for + :return: a tuple of (the value of the field, whether the field is 'many') + """ + # Check overrides first + if field_data := self.get_field_value_override(model_instance, field_name): + return field_data + + # Get the concrete field type + field_meta = getattr(type(model_instance), field_name, None) + # Check if the field represents a many-to-many relationship as we need to instantiate the serializer accordingly + many = utils._is_many_to_many_relation(field_meta) + # Get the field from the instance + return getattr(model_instance, field_name, None), many + + def serializer_overrides(self, field_type): + """ + Overrides for model serializers, e.g. for serializers not found in SERIALIZER_DEFS_MODULE + + :param field_type: the model field type + :return: a serializer for the given model field type, or None if no override exists + """ + return { + Location: LocationSerializer, + LocationFindingReference: LocationFindingReferenceSerializer, + }.get(field_type) + def _prefetch(self, entry, fields_to_fetch): """ Apply prefetching for the given field on the given entry @@ -86,7 +138,7 @@ def _prefetch(self, entry, fields_to_fetch): """ for field_to_fetch in fields_to_fetch: # Get the field from the instance - field_value = getattr(entry, field_to_fetch, None) + field_value, many = self.get_field_value(entry, field_to_fetch) if field_value is None: continue @@ -96,11 +148,6 @@ def _prefetch(self, entry, fields_to_fetch): if extra_serializer is None: continue - # Get the concrete field type - field_meta = getattr(type(entry), field_to_fetch, None) - # Check if the field represents a many-to-many relationship as we need to instantiate - # the serializer accordingly - many = utils._is_many_to_many_relation(field_meta) field_data = extra_serializer(many=many).to_representation( field_value, ) diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 9a17e4be985..6e75449ecab 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -39,6 +39,7 @@ from dojo.importers.base_importer import BaseImporter from dojo.importers.default_importer import DefaultImporter from dojo.importers.default_reimporter import DefaultReImporter +from dojo.location.models import Location, LocationFindingReference from dojo.models import ( DEFAULT_NOTIFICATION, IMPORT_ACTIONS, @@ -411,7 +412,13 @@ class MetaSerializer(serializers.ModelSerializer): allow_null=True, ) endpoint = serializers.PrimaryKeyRelatedField( - queryset=Endpoint.objects.all(), + queryset=Location.objects.all(), + required=False, + default=None, + allow_null=True, + ) + location = serializers.PrimaryKeyRelatedField( + queryset=Location.objects.all(), required=False, default=None, allow_null=True, @@ -424,9 +431,22 @@ class MetaSerializer(serializers.ModelSerializer): ) def validate(self, data): + if settings.V3_FEATURE_LOCATIONS and "endpoint" in data: + data["location"] = data.pop("endpoint") DojoMeta(**data).clean() return data + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + self.fields["endpoint"] = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + allow_null=True, + ) + class Meta: model = DojoMeta fields = "__all__" @@ -1734,6 +1754,12 @@ class FindingSerializer(serializers.ModelSerializer): reporter = serializers.PrimaryKeyRelatedField( required=False, queryset=User.objects.all(), ) + endpoints = serializers.PrimaryKeyRelatedField( + source="locations", + many=True, + required=False, + queryset=LocationFindingReference.objects.all(), + ) class Meta: model = Finding @@ -1742,6 +1768,14 @@ class Meta: "inherited_tags", ) + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + self.fields["endpoints"] = serializers.PrimaryKeyRelatedField( + many=True, required=False, queryset=Endpoint.objects.all(), + ) + @extend_schema_field(serializers.DateTimeField()) def get_jira_creation(self, obj): return jira_helper.get_jira_creation(obj) @@ -1809,10 +1843,21 @@ def update(self, instance, validated_data): # In the event the user does not supply the found_by field at all, we do not modify it elif isinstance(found_by, list) and len(found_by) == 0: instance.found_by.clear() + + locations = None + if settings.V3_FEATURE_LOCATIONS: + locations = validated_data.pop("locations", None) + instance = super().update( instance, validated_data, ) + if settings.V3_FEATURE_LOCATIONS and locations is not None: + for location_ref in instance.locations.all(): + location_ref.location.disassociate_from_finding(instance) + for location_ref in locations: + location_ref.location.associate_with_finding(instance) + if push_to_jira: jira_helper.push_to_jira(instance) @@ -2209,13 +2254,11 @@ class CommonImportScanSerializer(serializers.Serializer): verified = serializers.BooleanField( help_text="Force findings to be verified/not verified or default to the original tool (None)", required=False, ) - - # TODO: why do we allow only existing endpoints? endpoint_to_add = serializers.PrimaryKeyRelatedField( - queryset=Endpoint.objects.all(), + queryset=Location.objects.all(), required=False, default=None, - help_text="Enter the ID of an Endpoint that is associated with the target Product. New Findings will be added to that Endpoint.", + help_text="Enter the ID of a Location that is associated with the target Product. New Findings will be added to that Location.", ) file = serializers.FileField( allow_empty_file=True, @@ -2299,10 +2342,22 @@ class CommonImportScanSerializer(serializers.Serializer): required=False, ) apply_tags_to_endpoints = serializers.BooleanField( - help_text="If set to True, the tags will be applied to the endpoints", + help_text="If set to True, the tags will be applied to the locations", required=False, ) + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + # TODO: why do we allow only existing endpoints? + self.fields["endpoint_to_add"] = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + help_text="Enter the ID of an Endpoint that is associated with the target Product. New Findings will be added to that Endpoint.", + ) + def get_importer( self, **kwargs: dict, @@ -2404,11 +2459,16 @@ def setup_common_context(self, data: dict) -> dict: context["verified"] = data.get("verified") else: context["verified"] = None - # Change the way that endpoints are sent to the importer if endpoints_to_add := data.get("endpoint_to_add"): - context["endpoints_to_add"] = [endpoints_to_add] + if settings.V3_FEATURE_LOCATIONS: + # Note: The serializer resolves Location references, but we must pass along to the importer + # AbstractLocation objects, hence the .url access. + context["endpoints_to_add"] = [endpoints_to_add.url] + else: + # TODO: Delete this after the move to Locations + context["endpoints_to_add"] = [endpoints_to_add] else: - context["endpoint_to_add"] = None + context["endpoints_to_add"] = None # Convert the tags to a list if needed. At this point, the # TaggitListSerializer has already removed commas supplied # by the user, so this operation will consistently return @@ -2703,16 +2763,27 @@ def save(self): except (ValueError, TypeError) as e: # Raise an explicit drf exception here raise ValidationError(str(e)) - try: - endpoint_meta_import( - file, - product, - create_endpoints, - create_tags, - create_dojo_meta, - origin="API", - ) + if settings.V3_FEATURE_LOCATIONS: + endpoint_meta_import( + file, + product, + create_endpoints, + create_tags, + create_dojo_meta, + origin="API", + object_class=Location, + ) + else: + # TODO: Delete this after the move to Locations + endpoint_meta_import( + file, + product, + create_endpoints, + create_tags, + create_dojo_meta, + origin="API", + ) except SyntaxError as se: raise Exception(se) except ValueError as ve: diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 382a8952dc7..331e4cbf7bd 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -329,7 +329,7 @@ class EndPointViewSet( ) def get_queryset(self): - return get_authorized_endpoints(Permissions.Endpoint_View).distinct() + return get_authorized_endpoints(Permissions.Location_View).distinct() @extend_schema( request=serializers.ReportGenerateOptionSerializer, @@ -395,7 +395,7 @@ class EndpointStatusViewSet( def get_queryset(self): return get_authorized_endpoint_status( - Permissions.Endpoint_View, + Permissions.Location_View, ).distinct() @@ -902,28 +902,53 @@ def perform_update(self, serializer): serializer.save(push_to_jira=push_to_jira) def get_queryset(self): - findings = get_authorized_findings( - Permissions.Finding_View, - ).prefetch_related( - "endpoints", - "reviewers", - "found_by", - "notes", - "risk_acceptance_set", - "test", - "tags", - "jira_issue", - "finding_group_set", - "files", - "burprawrequestresponse_set", - "status_finding", - "finding_meta", - "test__test_type", - "test__engagement", - "test__environment", - "test__engagement__product", - "test__engagement__product__prod_type", - ) + if settings.V3_FEATURE_LOCATIONS: + findings = get_authorized_findings( + Permissions.Finding_View, + ).prefetch_related( + "locations__location__url", + "reviewers", + "found_by", + "notes", + "risk_acceptance_set", + "test", + "tags", + "jira_issue", + "finding_group_set", + "files", + "burprawrequestresponse_set", + "status_finding", + "finding_meta", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) + else: + # TODO: Delete this after the move to Locations + findings = get_authorized_findings( + Permissions.Finding_View, + ).prefetch_related( + "endpoints", + "reviewers", + "found_by", + "notes", + "risk_acceptance_set", + "test", + "tags", + "jira_issue", + "finding_group_set", + "files", + "burprawrequestresponse_set", + "status_finding", + "finding_meta", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) return findings.distinct() @@ -2581,7 +2606,7 @@ def perform_create(self, serializer): serializer.save() def get_queryset(self): - return get_authorized_products(Permissions.Endpoint_Edit) + return get_authorized_products(Permissions.Location_Edit) # Authorization: configuration diff --git a/dojo/apps.py b/dojo/apps.py index 06733c29771..96b8c87af34 100644 --- a/dojo/apps.py +++ b/dojo/apps.py @@ -60,7 +60,9 @@ def ready(self): # sast_source_file_path = models.CharField(null=True, blank=True, max_length=4000, help_text="Source filepath of the attack vector") watson.register(self.get_model("Finding_Template")) + # TODO: Delete this after the move to Locations watson.register(self.get_model("Endpoint"), store=("product__name", )) # add product name also? + watson.register(self.get_model("Location")) watson.register(self.get_model("Engagement"), fields=get_model_fields_with_extra(self.get_model("Engagement"), ("id", "product__name")), store=("product__name", )) watson.register(self.get_model("App_Analysis")) watson.register(self.get_model("Vulnerability_Id"), store=("finding__test__engagement__product__name", )) @@ -71,10 +73,12 @@ def ready(self): register_check(check_configuration_deduplication, "dojo") # Load any signals here that will be ready for runtime - # Importing the signals file is good enough if using the reciever decorator + # Importing the signals file is good enough if using the receiver decorator import dojo.announcement.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.benchmark.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.cred.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady + + # TODO: Delete this after the move to Locations import dojo.endpoint.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.engagement.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.file_uploads.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady @@ -87,7 +91,7 @@ def ready(self): import dojo.tags_signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.test.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.tool_product.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady - + import dojo.url.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady # Configure audit system after all models are loaded # This must be done in ready() to avoid "Models aren't loaded yet" errors # Note: pghistory models are registered here (no database access), but trigger diff --git a/dojo/asset/urls.py b/dojo/asset/urls.py index e248348b74b..24d369b4410 100644 --- a/dojo/asset/urls.py +++ b/dojo/asset/urls.py @@ -85,7 +85,7 @@ ), re_path( r"^asset/(?P\d+)/add_meta_data$", - views.add_meta_data, + views.manage_meta_data, name="add_meta_data", ), re_path( @@ -95,7 +95,7 @@ ), re_path( r"^asset/(?P\d+)/edit_meta_data$", - views.edit_meta_data, + views.manage_meta_data, name="edit_meta_data", ), re_path( @@ -239,11 +239,11 @@ name="delete_technology"), re_path(r"^product/(?P\d+)/new_engagement/cicd$", views.new_eng_for_app_cicd, name="new_eng_for_prod_cicd"), - re_path(r"^product/(?P\d+)/add_meta_data$", views.add_meta_data, + re_path(r"^product/(?P\d+)/add_meta_data$", views.manage_meta_data, name="add_meta_data"), re_path(r"^product/(?P\d+)/edit_notifications$", views.edit_notifications, name="edit_notifications"), - re_path(r"^product/(?P\d+)/edit_meta_data$", views.edit_meta_data, + re_path(r"^product/(?P\d+)/edit_meta_data$", views.manage_meta_data, name="edit_meta_data"), re_path( r"^product/(?P\d+)/ad_hoc_finding$", diff --git a/dojo/auditlog.py b/dojo/auditlog.py index 1f4fd4783bc..fc908163366 100644 --- a/dojo/auditlog.py +++ b/dojo/auditlog.py @@ -292,10 +292,12 @@ def register_django_pghistory_models(): triggers. """ # Import models inside function to avoid AppRegistryNotReady errors + from dojo.location.models import Location # noqa: PLC0415 from dojo.models import ( # noqa: PLC0415 App_Analysis, Cred_User, Dojo_User, + # TODO: Delete this after the move to Locations Endpoint, Engagement, Finding, @@ -308,6 +310,7 @@ def register_django_pghistory_models(): Risk_Acceptance, Test, ) + from dojo.url.models import URL # noqa: PLC0415 # Only log during actual application startup, not during shell commands if "shell" not in sys.argv: @@ -526,6 +529,34 @@ class Meta: }, )(FindingReviewers) + pghistory.track( + pghistory.InsertEvent(), + pghistory.UpdateEvent(condition=pghistory.AnyChange(exclude_auto=True)), + pghistory.DeleteEvent(), + pghistory.ManualEvent(label="initial_backfill"), + meta={ + "indexes": [ + models.Index(fields=["pgh_created_at"]), + models.Index(fields=["pgh_label"]), + models.Index(fields=["pgh_context_id"]), + ], + }, + )(Location) + + pghistory.track( + pghistory.InsertEvent(), + pghistory.UpdateEvent(condition=pghistory.AnyChange(exclude_auto=True)), + pghistory.DeleteEvent(), + pghistory.ManualEvent(label="initial_backfill"), + meta={ + "indexes": [ + models.Index(fields=["pgh_created_at"]), + models.Index(fields=["pgh_label"]), + models.Index(fields=["pgh_context_id"]), + ], + }, + )(URL) + # Track tag through models for all TagField relationships # Must use proxy pattern like FindingReviewers because tagulous auto-generates # through models that cannot be imported at module level @@ -1035,6 +1066,7 @@ def get_tracked_models(): "Product_Type", "Product", "Test", "Risk_Acceptance", "Finding_Template", "Cred_User", "Notification_Webhooks", "FindingReviewers", # M2M through table for Finding.reviewers + "Location", "URL", # Tag through tables (tagulous auto-generated) "FindingTags", "FindingInheritedTags", diff --git a/dojo/authorization/authorization.py b/dojo/authorization/authorization.py index 840eeb7ea35..313288f4ba8 100644 --- a/dojo/authorization/authorization.py +++ b/dojo/authorization/authorization.py @@ -7,6 +7,7 @@ get_global_roles_with_permissions, get_roles_with_permissions, ) +from dojo.location.models import AbstractLocation, Location from dojo.models import ( App_Analysis, Cred_Mapping, @@ -144,19 +145,30 @@ def user_has_permission(user: Dojo_User, obj: Model, permission: int) -> bool: user, obj.test.engagement.product, permission, ) if ( + isinstance(obj, Location) + and permission in Permissions.get_location_permissions() + ): + return any(user_has_permission(user, ref.product, permission) for ref in obj.products.all()) + if ( + isinstance(obj, AbstractLocation) + and permission in Permissions.get_location_permissions() + ): + return user_has_permission(user, obj.location, permission) + if ( + # TODO: Delete this after the move to Locations isinstance(obj, Endpoint) - and permission in Permissions.get_endpoint_permissions() + and permission in Permissions.get_location_permissions() ) or ( isinstance(obj, Languages) and permission in Permissions.get_language_permissions() - ) or (( + ) or ( isinstance(obj, App_Analysis) and permission in Permissions.get_technology_permissions() ) or ( isinstance(obj, Product_API_Scan_Configuration) and permission in Permissions.get_product_api_scan_configuration_permissions() - )): + ): return user_has_permission(user, obj.product, permission) if ( isinstance(obj, Product_Type_Member) diff --git a/dojo/authorization/roles_permissions.py b/dojo/authorization/roles_permissions.py index aaebbc76b15..ebd873dc617 100644 --- a/dojo/authorization/roles_permissions.py +++ b/dojo/authorization/roles_permissions.py @@ -61,10 +61,10 @@ class Permissions(IntEnum): Finding_Edit = 1406 Finding_Delete = 1407 - Endpoint_View = 1502 - Endpoint_Add = 1503 - Endpoint_Edit = 1506 - Endpoint_Delete = 1507 + Location_View = 1502 + Location_Add = 1503 + Location_Edit = 1506 + Location_Delete = 1507 Benchmark_Edit = 1606 Benchmark_Delete = 1607 @@ -186,11 +186,11 @@ def get_finding_group_permissions(cls): } @classmethod - def get_endpoint_permissions(cls): + def get_location_permissions(cls): return { - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, } @classmethod @@ -287,7 +287,7 @@ def get_roles_with_permissions(): Permissions.Test_View, Permissions.Finding_View, Permissions.Finding_Group_View, - Permissions.Endpoint_View, + Permissions.Location_View, Permissions.Component_View, Permissions.Note_Add, Permissions.Product_Group_View, @@ -309,7 +309,7 @@ def get_roles_with_permissions(): Permissions.Test_Edit, Permissions.Finding_View, Permissions.Finding_Group_View, - Permissions.Endpoint_View, + Permissions.Location_View, Permissions.Component_View, Permissions.Product_Group_View, Permissions.Product_Type_Group_View, @@ -335,9 +335,9 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, Permissions.Benchmark_Edit, Permissions.Component_View, Permissions.Note_View_History, @@ -388,10 +388,10 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, + Permissions.Location_Delete, Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, Permissions.Component_View, @@ -465,10 +465,10 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, + Permissions.Location_Delete, Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, Permissions.Component_View, diff --git a/dojo/base_models/__init__.py b/dojo/base_models/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/base_models/base.py b/dojo/base_models/base.py new file mode 100644 index 00000000000..8e1bf3feac9 --- /dev/null +++ b/dojo/base_models/base.py @@ -0,0 +1,106 @@ +import contextlib +import logging +from typing import TypeVar + +from django.conf import settings +from django.db.models import DateTimeField, Manager, Model, QuerySet +from django.utils.translation import gettext_lazy as _ + +logger = logging.getLogger(__name__) + +# Type variable for the model +T = TypeVar("T", bound="BaseModelWithoutTimeMeta") + + +class BaseQuerySet(QuerySet): + + """Base Queryset to add chainable queries.""" + + def order_by_id(self, *field_names: str): + return super().order_by("id") + + +class BaseManager(Manager): + + """Base manager to manipulate all objects with.""" + + QUERY_SET_CLASS = BaseQuerySet + + def get_queryset(self) -> QuerySet[T]: + return self.QUERY_SET_CLASS(self.model, using=self._db).order_by_id() + + +class BaseModelWithoutTimeMeta(Model): + + """Base model class that all models will extend.""" + + objects = BaseManager() + + class Meta: + + """Meta class for the base model.""" + + abstract = True + + def save(self, *args: list, skip_validation: bool = not settings.V3_FEATURE_LOCATIONS, **kwargs: dict) -> None: + """ + Override save method to call the `full_clean()` validation function each save. + + The `full_clean` function is also called here to perform validation on the model in + various places. Here is the name, and a brief description for each function: + - Validate the model fields - `clean_fields()` + - Validate the model as a whole - `clean()` + - Validate the field uniqueness - `validate_unique()` + All three steps are performed when you call a model's full_clean() method in the order above + """ + # Run the pre save logic, if enabled + self.pre_save_logic() + # Call the validations + if not skip_validation: + try: + self.full_clean() + except Exception: + self.print_all_fields() + raise + # Run the post save logic, if enabled + self.post_save_logic() + # Call the base save method to save the model to the database + super().save(*args, **kwargs) + + def pre_save_logic(self) -> None: + """Allow for some pre save operations by other classes.""" + + def post_save_logic(self) -> None: + """Allow for some post save operations by other classes.""" + + def print_all_fields(self) -> None: + """Query all fields, and then print them in an easy to read fashion.""" + with contextlib.suppress(ValueError): + fields = [f.name for f in self._meta.get_fields()] + logger.debug(f"\n\n-- {self._meta.object_name} --") + for field in fields: + logger.debug(f"\t {field}: {getattr(self, field, 'Unable to access')}") + + +class BaseModel(BaseModelWithoutTimeMeta): + + """Base model class that all models will extend, but with created/updated timestamps.""" + + created = DateTimeField( + verbose_name=_("Created"), + auto_now_add=True, + null=True, # This will never happen, but it fits what the current model defines + help_text=_("Time that the object was initially created, and saved to the database"), + ) + updated = DateTimeField( + verbose_name=_("Updated"), + auto_now=True, + null=True, # This will never happen, but it fits what the current model defines + help_text=_("Time that the object was most recently saved to the database"), + ) + + class Meta: + + """Meta class for the base model.""" + + abstract = True diff --git a/dojo/base_models/validators.py b/dojo/base_models/validators.py new file mode 100644 index 00000000000..08815b71342 --- /dev/null +++ b/dojo/base_models/validators.py @@ -0,0 +1,29 @@ +from django.core.exceptions import ValidationError + + +def validate_not_empty(value: str) -> None: + """Validate that the value is not an empty string.""" + if not value.strip(): + msg = "This field cannot be empty." + raise ValidationError(msg) + + +def no_spaces(value: str) -> None: + """Validate that raises a ValidationError if the input string contains spaces.""" + if " " in value: + msg = "This field cannot contain spaces." + raise ValidationError(msg) + + +def no_colons(value: str) -> None: + """Validate that raises a ValidationError if the input string contains colons.""" + if ":" in value: + msg = "This field cannot contain colons." + raise ValidationError(msg) + + +def only_lowercase(value: str) -> None: + """Validate that raises a ValidationError if the input string contains any uppercase letters.""" + if not value.islower(): + msg = "This field must contain only lowercase letters." + raise ValidationError(msg) diff --git a/dojo/context_processors.py b/dojo/context_processors.py index 6f6bef626d6..cc53af0f1e0 100644 --- a/dojo/context_processors.py +++ b/dojo/context_processors.py @@ -36,6 +36,8 @@ def globalize_vars(request): "API_TOKENS_ENABLED": settings.API_TOKENS_ENABLED, "API_TOKEN_AUTH_ENDPOINT_ENABLED": settings.API_TOKEN_AUTH_ENDPOINT_ENABLED, "CREATE_CLOUD_BANNER": settings.CREATE_CLOUD_BANNER, + # V3 Feature Flags + "V3_FEATURE_LOCATIONS": settings.V3_FEATURE_LOCATIONS, } diff --git a/dojo/db_migrations/0259_locations.py b/dojo/db_migrations/0259_locations.py new file mode 100644 index 00000000000..0aa0fa1a034 --- /dev/null +++ b/dojo/db_migrations/0259_locations.py @@ -0,0 +1,433 @@ +# Generated by Django 5.2.9 on 2026-02-01 01:40 + +import django.core.validators +import django.db.models.deletion +import dojo.base_models.validators +import dojo.url.validators +import pgtrigger.compiler +import pgtrigger.migrations +import tagulous.models.fields +import tagulous.models.models +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0258_alter_answer_options_alter_choiceanswer_options_and_more'), + ('pghistory', '0007_auto_20250421_0444'), + ] + + operations = [ + migrations.CreateModel( + name='Location', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('location_type', models.CharField(editable=False, help_text='The type of location that is stored. This field is automatically managed', max_length=12, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location type')), + ('location_value', models.CharField(editable=False, help_text='The string representation of a given location. This field is automatically managed', max_length=2048, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location Value')), + ], + options={ + 'verbose_name': 'Locations - Location', + 'verbose_name_plural': 'Locations - Locations', + }, + ), + migrations.CreateModel( + name='LocationEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('location_type', models.CharField(editable=False, help_text='The type of location that is stored. This field is automatically managed', max_length=12, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location type')), + ('location_value', models.CharField(editable=False, help_text='The string representation of a given location. This field is automatically managed', max_length=2048, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location Value')), + ], + options={ + 'abstract': False, + }, + ), + migrations.CreateModel( + name='LocationFindingReference', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('audit_time', models.DateTimeField(blank=True, editable=False, help_text='The time when the audit was performed', null=True)), + ('status', models.CharField(choices=[('Active', 'Active'), ('Mitigated', 'Mitigated'), ('FalsePositive', 'False Positive'), ('RiskAccepted', 'Risk Accepted'), ('OutOfScope', 'Out Of Scope')], default='Active', help_text='The status of the the given Location', max_length=16, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Status')), + ], + options={ + 'verbose_name': 'Locations - FindingReference', + 'verbose_name_plural': 'Locations - FindingReferences', + }, + ), + migrations.CreateModel( + name='LocationProductReference', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('status', models.CharField(choices=[('Active', 'Active'), ('Mitigated', 'Mitigated')], default='Mitigated', help_text='The status of the the given Location', max_length=16, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Status')), + ], + options={ + 'verbose_name': 'Locations - ProductReference', + 'verbose_name_plural': 'Locations - ProductReferences', + }, + ), + migrations.CreateModel( + name='Tagulous_Location_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='Tagulous_Location_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='URL', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('protocol', models.CharField(blank=True, default='', help_text='The protocol of the URL (e.g., http, https, ftp, etc.)', max_length=10, validators=[dojo.url.validators.validate_protocol])), + ('user_info', models.CharField(blank=True, default='', help_text='Connection details for a given user', max_length=512, validators=[dojo.url.validators.validate_user_info])), + ('host', models.CharField(help_text='The host of the URL, which can be a domain name or an IP address', max_length=256, validators=[dojo.base_models.validators.validate_not_empty])), + ('port', models.PositiveIntegerField(blank=True, help_text='The port number of the URL (optional)', null=True, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])), + ('path', models.CharField(blank=True, default='', help_text='The path of the URL (optional),', max_length=2048)), + ('query', models.CharField(blank=True, default='', help_text='The query string of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_query])), + ('fragment', models.CharField(blank=True, default='', help_text='The fragment identifier of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_fragment])), + ('host_validation_failure', models.BooleanField(default=False, help_text='Dictates whether the endpoint was found to have host validation issues during creation')), + ('hash', models.CharField(editable=False, help_text='The hash of the URL for uniqueness', max_length=64, unique=True, validators=[django.core.validators.MinLengthValidator(64)])), + ], + options={ + 'verbose_name': 'Locations - URL', + 'verbose_name_plural': 'Locations - URLs', + }, + ), + migrations.CreateModel( + name='URLEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('protocol', models.CharField(blank=True, default='', help_text='The protocol of the URL (e.g., http, https, ftp, etc.)', max_length=10, validators=[dojo.url.validators.validate_protocol])), + ('user_info', models.CharField(blank=True, default='', help_text='Connection details for a given user', max_length=512, validators=[dojo.url.validators.validate_user_info])), + ('host', models.CharField(help_text='The host of the URL, which can be a domain name or an IP address', max_length=256, validators=[dojo.base_models.validators.validate_not_empty])), + ('port', models.PositiveIntegerField(blank=True, help_text='The port number of the URL (optional)', null=True, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])), + ('path', models.CharField(blank=True, default='', help_text='The path of the URL (optional),', max_length=2048)), + ('query', models.CharField(blank=True, default='', help_text='The query string of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_query])), + ('fragment', models.CharField(blank=True, default='', help_text='The fragment identifier of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_fragment])), + ('host_validation_failure', models.BooleanField(default=False, help_text='Dictates whether the endpoint was found to have host validation issues during creation')), + ('hash', models.CharField(editable=False, help_text='The hash of the URL for uniqueness', max_length=64, validators=[django.core.validators.MinLengthValidator(64)])), + ], + options={ + 'abstract': False, + }, + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='insert_insert', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='update_update', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='delete_delete', + ), + migrations.AddField( + model_name='finding', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AddField( + model_name='findingevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='engagement', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='engagement', + name='status', + field=models.CharField(choices=[('Not Started', 'Not Started'), ('Blocked', 'Blocked'), ('Cancelled', 'Cancelled'), ('Completed', 'Completed'), ('In Progress', 'In Progress'), ('On Hold', 'On Hold'), ('Waiting for Resource', 'Waiting for Resource')], default='Not Started', max_length=2000, null=True), + ), + migrations.AlterField( + model_name='engagement', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='engagementevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='engagementevent', + name='status', + field=models.CharField(choices=[('Not Started', 'Not Started'), ('Blocked', 'Blocked'), ('Cancelled', 'Cancelled'), ('Completed', 'Completed'), ('In Progress', 'In Progress'), ('On Hold', 'On Hold'), ('Waiting for Resource', 'Waiting for Resource')], default='Not Started', max_length=2000, null=True), + ), + migrations.AlterField( + model_name='engagementevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='finding', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='findingevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='product_type', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product_type', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='product_typeevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product_typeevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='productevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='productevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."updated", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='b8eea714d4e92bd779ff82939552ad55346d949f', operation='INSERT', pgid='pgtrigger_insert_insert_2fbbb', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."active" IS DISTINCT FROM (NEW."active") OR OLD."component_name" IS DISTINCT FROM (NEW."component_name") OR OLD."component_version" IS DISTINCT FROM (NEW."component_version") OR OLD."cve" IS DISTINCT FROM (NEW."cve") OR OLD."cvssv3" IS DISTINCT FROM (NEW."cvssv3") OR OLD."cvssv3_score" IS DISTINCT FROM (NEW."cvssv3_score") OR OLD."cvssv4" IS DISTINCT FROM (NEW."cvssv4") OR OLD."cvssv4_score" IS DISTINCT FROM (NEW."cvssv4_score") OR OLD."cwe" IS DISTINCT FROM (NEW."cwe") OR OLD."date" IS DISTINCT FROM (NEW."date") OR OLD."defect_review_requested_by_id" IS DISTINCT FROM (NEW."defect_review_requested_by_id") OR OLD."description" IS DISTINCT FROM (NEW."description") OR OLD."duplicate" IS DISTINCT FROM (NEW."duplicate") OR OLD."duplicate_finding_id" IS DISTINCT FROM (NEW."duplicate_finding_id") OR OLD."dynamic_finding" IS DISTINCT FROM (NEW."dynamic_finding") OR OLD."effort_for_fixing" IS DISTINCT FROM (NEW."effort_for_fixing") OR OLD."epss_percentile" IS DISTINCT FROM (NEW."epss_percentile") OR OLD."epss_score" IS DISTINCT FROM (NEW."epss_score") OR OLD."false_p" IS DISTINCT FROM (NEW."false_p") OR OLD."file_path" IS DISTINCT FROM (NEW."file_path") OR OLD."fix_available" IS DISTINCT FROM (NEW."fix_available") OR OLD."fix_version" IS DISTINCT FROM (NEW."fix_version") OR OLD."hash_code" IS DISTINCT FROM (NEW."hash_code") OR OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."impact" IS DISTINCT FROM (NEW."impact") OR OLD."is_mitigated" IS DISTINCT FROM (NEW."is_mitigated") OR OLD."kev_date" IS DISTINCT FROM (NEW."kev_date") OR OLD."known_exploited" IS DISTINCT FROM (NEW."known_exploited") OR OLD."last_reviewed" IS DISTINCT FROM (NEW."last_reviewed") OR OLD."last_reviewed_by_id" IS DISTINCT FROM (NEW."last_reviewed_by_id") OR OLD."line" IS DISTINCT FROM (NEW."line") OR OLD."mitigated" IS DISTINCT FROM (NEW."mitigated") OR OLD."mitigated_by_id" IS DISTINCT FROM (NEW."mitigated_by_id") OR OLD."mitigation" IS DISTINCT FROM (NEW."mitigation") OR OLD."nb_occurences" IS DISTINCT FROM (NEW."nb_occurences") OR OLD."numerical_severity" IS DISTINCT FROM (NEW."numerical_severity") OR OLD."out_of_scope" IS DISTINCT FROM (NEW."out_of_scope") OR OLD."param" IS DISTINCT FROM (NEW."param") OR OLD."payload" IS DISTINCT FROM (NEW."payload") OR OLD."planned_remediation_date" IS DISTINCT FROM (NEW."planned_remediation_date") OR OLD."planned_remediation_version" IS DISTINCT FROM (NEW."planned_remediation_version") OR OLD."publish_date" IS DISTINCT FROM (NEW."publish_date") OR OLD."ransomware_used" IS DISTINCT FROM (NEW."ransomware_used") OR OLD."refs" IS DISTINCT FROM (NEW."refs") OR OLD."reporter_id" IS DISTINCT FROM (NEW."reporter_id") OR OLD."review_requested_by_id" IS DISTINCT FROM (NEW."review_requested_by_id") OR OLD."risk_accepted" IS DISTINCT FROM (NEW."risk_accepted") OR OLD."sast_sink_object" IS DISTINCT FROM (NEW."sast_sink_object") OR OLD."sast_source_file_path" IS DISTINCT FROM (NEW."sast_source_file_path") OR OLD."sast_source_line" IS DISTINCT FROM (NEW."sast_source_line") OR OLD."sast_source_object" IS DISTINCT FROM (NEW."sast_source_object") OR OLD."scanner_confidence" IS DISTINCT FROM (NEW."scanner_confidence") OR OLD."service" IS DISTINCT FROM (NEW."service") OR OLD."severity" IS DISTINCT FROM (NEW."severity") OR OLD."severity_justification" IS DISTINCT FROM (NEW."severity_justification") OR OLD."sla_expiration_date" IS DISTINCT FROM (NEW."sla_expiration_date") OR OLD."sla_start_date" IS DISTINCT FROM (NEW."sla_start_date") OR OLD."sonarqube_issue_id" IS DISTINCT FROM (NEW."sonarqube_issue_id") OR OLD."static_finding" IS DISTINCT FROM (NEW."static_finding") OR OLD."steps_to_reproduce" IS DISTINCT FROM (NEW."steps_to_reproduce") OR OLD."test_id" IS DISTINCT FROM (NEW."test_id") OR OLD."thread_id" IS DISTINCT FROM (NEW."thread_id") OR OLD."title" IS DISTINCT FROM (NEW."title") OR OLD."under_defect_review" IS DISTINCT FROM (NEW."under_defect_review") OR OLD."under_review" IS DISTINCT FROM (NEW."under_review") OR OLD."unique_id_from_tool" IS DISTINCT FROM (NEW."unique_id_from_tool") OR OLD."url" IS DISTINCT FROM (NEW."url") OR OLD."verified" IS DISTINCT FROM (NEW."verified") OR OLD."vuln_id_from_tool" IS DISTINCT FROM (NEW."vuln_id_from_tool"))', func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."updated", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='3a8608f3269631a51e32dffe79021258c6c4af33', operation='UPDATE', pgid='pgtrigger_update_update_92175', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (OLD."active", OLD."component_name", OLD."component_version", OLD."created", OLD."cve", OLD."cvssv3", OLD."cvssv3_score", OLD."cvssv4", OLD."cvssv4_score", OLD."cwe", OLD."date", OLD."defect_review_requested_by_id", OLD."description", OLD."duplicate", OLD."duplicate_finding_id", OLD."dynamic_finding", OLD."effort_for_fixing", OLD."epss_percentile", OLD."epss_score", OLD."false_p", OLD."file_path", OLD."fix_available", OLD."fix_version", OLD."hash_code", OLD."id", OLD."impact", OLD."is_mitigated", OLD."kev_date", OLD."known_exploited", OLD."last_reviewed", OLD."last_reviewed_by_id", OLD."last_status_update", OLD."line", OLD."mitigated", OLD."mitigated_by_id", OLD."mitigation", OLD."nb_occurences", OLD."numerical_severity", OLD."out_of_scope", OLD."param", OLD."payload", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."planned_remediation_date", OLD."planned_remediation_version", OLD."publish_date", OLD."ransomware_used", OLD."refs", OLD."reporter_id", OLD."review_requested_by_id", OLD."risk_accepted", OLD."sast_sink_object", OLD."sast_source_file_path", OLD."sast_source_line", OLD."sast_source_object", OLD."scanner_confidence", OLD."service", OLD."severity", OLD."severity_justification", OLD."sla_expiration_date", OLD."sla_start_date", OLD."sonarqube_issue_id", OLD."static_finding", OLD."steps_to_reproduce", OLD."test_id", OLD."thread_id", OLD."title", OLD."under_defect_review", OLD."under_review", OLD."unique_id_from_tool", OLD."updated", OLD."url", OLD."verified", OLD."vuln_id_from_tool"); RETURN NULL;', hash='dd1240d046d5292ab4e6ce9cd193d921c9c2d309', operation='DELETE', pgid='pgtrigger_delete_delete_72933', table='dojo_finding', when='AFTER')), + ), + migrations.AlterUniqueTogether( + name='dojometa', + unique_together={('endpoint', 'name'), ('finding', 'name'), ('product', 'name')}, + ), + migrations.AddField( + model_name='dojometa', + name='location', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='location_meta', to='dojo.location'), + ), + migrations.AlterUniqueTogether( + name='dojometa', + unique_together={('endpoint', 'name'), ('finding', 'name'), ('location', 'name'), ('product', 'name')}, + ), + migrations.AddField( + model_name='locationevent', + name='pgh_context', + field=models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context'), + ), + migrations.AddField( + model_name='locationevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.location'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='auditor', + field=models.ForeignKey(blank=True, help_text='The user who audited the location', null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='finding', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='locations', to='dojo.finding'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='location', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='findings', to='dojo.location'), + ), + migrations.AddField( + model_name='locationproductreference', + name='location', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='products', to='dojo.location'), + ), + migrations.AddField( + model_name='locationproductreference', + name='product', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='locations', to='dojo.product'), + ), + migrations.AlterUniqueTogether( + name='tagulous_location_inherited_tags', + unique_together={('slug',)}, + ), + migrations.AddField( + model_name='location', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_location_inherited_tags'), + ), + migrations.AlterUniqueTogether( + name='tagulous_location_tags', + unique_together={('slug',)}, + ), + migrations.AddField( + model_name='location', + name='tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='A tag that can be used to differentiate a Location', related_name='location_tags', to='dojo.tagulous_location_tags', verbose_name='Tags'), + ), + migrations.AddField( + model_name='url', + name='location', + field=models.OneToOneField(editable=False, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s', to='dojo.location'), + ), + migrations.AddField( + model_name='urlevent', + name='location', + field=models.ForeignKey(db_constraint=False, db_index=False, editable=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.location'), + ), + migrations.AddField( + model_name='urlevent', + name='pgh_context', + field=models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context'), + ), + migrations.AddField( + model_name='urlevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.url'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_locati_pgh_cre_f68343_idx'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_label'], name='dojo_locati_pgh_lab_a8d664_idx'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_locati_pgh_con_4d6540_idx'), + ), + migrations.AddIndex( + model_name='locationfindingreference', + index=models.Index(fields=['location'], name='dojo_locati_locatio_b2391a_idx'), + ), + migrations.AddIndex( + model_name='locationfindingreference', + index=models.Index(fields=['finding'], name='dojo_locati_finding_37bd65_idx'), + ), + migrations.AddConstraint( + model_name='locationfindingreference', + constraint=models.UniqueConstraint(fields=('location', 'finding'), name='unique_location_and_finding'), + ), + migrations.AddIndex( + model_name='locationproductreference', + index=models.Index(fields=['location'], name='dojo_locati_locatio_98e7c1_idx'), + ), + migrations.AddIndex( + model_name='locationproductreference', + index=models.Index(fields=['product'], name='dojo_locati_product_9210d6_idx'), + ), + migrations.AddConstraint( + model_name='locationproductreference', + constraint=models.UniqueConstraint(fields=('location', 'product'), name='unique_location_and_product'), + ), + migrations.AddIndex( + model_name='location', + index=models.Index(fields=['location_type'], name='dojo_locati_locatio_72369b_idx'), + ), + migrations.AddIndex( + model_name='location', + index=models.Index(fields=['location_value'], name='dojo_locati_locatio_e7d251_idx'), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (NEW."created", NEW."id", NEW."location_type", NEW."location_value", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."updated"); RETURN NULL;', hash='645dec2b5ed2c7fadcead7f144854dc788300cb0', operation='INSERT', pgid='pgtrigger_insert_insert_d5ba2', table='dojo_location', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."location_type" IS DISTINCT FROM (NEW."location_type") OR OLD."location_value" IS DISTINCT FROM (NEW."location_value"))', func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (NEW."created", NEW."id", NEW."location_type", NEW."location_value", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."updated"); RETURN NULL;', hash='4c3d9633d78f12dba4637e94abe63b246578f24a', operation='UPDATE', pgid='pgtrigger_update_update_a892f', table='dojo_location', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (OLD."created", OLD."id", OLD."location_type", OLD."location_value", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."updated"); RETURN NULL;', hash='b8a61e7fc8b8a548b8f4035e6545f53ffd50a514', operation='DELETE', pgid='pgtrigger_delete_delete_73982', table='dojo_location', when='AFTER')), + ), + migrations.AddIndex( + model_name='url', + index=models.Index(fields=['host', 'hash'], name='dojo_url_host_25c32d_idx'), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (NEW."fragment", NEW."hash", NEW."host", NEW."host_validation_failure", NEW."id", NEW."location_id", NEW."path", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."port", NEW."protocol", NEW."query", NEW."user_info"); RETURN NULL;', hash='4b583222af9a9bb01a03c076e1a3bd0073045974', operation='INSERT', pgid='pgtrigger_insert_insert_9de22', table='dojo_url', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD.* IS DISTINCT FROM NEW.*)', func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (NEW."fragment", NEW."hash", NEW."host", NEW."host_validation_failure", NEW."id", NEW."location_id", NEW."path", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."port", NEW."protocol", NEW."query", NEW."user_info"); RETURN NULL;', hash='0609684577a76d699959271c7c1cbc909a1375ac', operation='UPDATE', pgid='pgtrigger_update_update_4785e', table='dojo_url', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (OLD."fragment", OLD."hash", OLD."host", OLD."host_validation_failure", OLD."id", OLD."location_id", OLD."path", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."port", OLD."protocol", OLD."query", OLD."user_info"); RETURN NULL;', hash='0017924395c4cdd15f087628ad6b741c99dd24b2', operation='DELETE', pgid='pgtrigger_delete_delete_ca7d6', table='dojo_url', when='AFTER')), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_urleve_pgh_cre_de0a00_idx'), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_label'], name='dojo_urleve_pgh_lab_53223a_idx'), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_urleve_pgh_con_b0d6dd_idx'), + ), + ] diff --git a/dojo/db_migrations/max_migration.txt b/dojo/db_migrations/max_migration.txt index afbe605a035..ba12c472015 100644 --- a/dojo/db_migrations/max_migration.txt +++ b/dojo/db_migrations/max_migration.txt @@ -1 +1 @@ -0258_alter_answer_options_alter_choiceanswer_options_and_more +0259_locations diff --git a/dojo/decorators.py b/dojo/decorators.py index a2fbba9dd54..a2a5b91e56b 100644 --- a/dojo/decorators.py +++ b/dojo/decorators.py @@ -3,6 +3,7 @@ from functools import wraps from django.conf import settings +from django.http import Http404 from django_ratelimit import UNSAFE from django_ratelimit.core import is_ratelimited from django_ratelimit.exceptions import Ratelimited @@ -157,4 +158,21 @@ def _wrapped(request, *args, **kw): raise Ratelimited return fn(request, *args, **kw) return _wrapped + + return decorator + + +def require_v3_feature_set(): + """Decorator that raises 404 if the V3_FEATURE_LOCATIONS is False.""" + + def decorator(func): + @wraps(func) + def _wrapped_view(request, *args, **kwargs): + if not getattr(settings, "V3_FEATURE_LOCATIONS", False): + msg = "V3_FEATURE_LOCATIONS must be enabled." + raise Http404(msg) + return func(request, *args, **kwargs) + + return _wrapped_view + return decorator diff --git a/dojo/endpoint/urls.py b/dojo/endpoint/urls.py index 290f32961a2..94f6fbdcdb7 100644 --- a/dojo/endpoint/urls.py +++ b/dojo/endpoint/urls.py @@ -24,9 +24,9 @@ name="delete_endpoint"), re_path(r"^endpoints/add$", views.add_product_endpoint, name="add_product_endpoint"), - re_path(r"^endpoint/(?P\d+)/add_meta_data$", views.add_meta_data, + re_path(r"^endpoint/(?P\d+)/add_meta_data$", views.manage_meta_data, name="add_endpoint_meta_data"), - re_path(r"^endpoint/(?P\d+)/edit_meta_data$", views.edit_meta_data, + re_path(r"^endpoint/(?P\d+)/edit_meta_data$", views.manage_meta_data, name="edit_endpoint_meta_data"), re_path(r"^endpoint/bulk$", views.endpoint_bulk_update_all, name="endpoints_bulk_all"), @@ -38,4 +38,8 @@ name="endpoint_migrate"), re_path(r"^endpoint/(?P\d+)/import_endpoint_meta$", views.import_endpoint_meta, name="import_endpoint_meta"), + re_path(r"^endpoint/(?P\d+)/report$", views.endpoint_report, + name="endpoint_report"), + re_path(r"^endpoint/host/(?P\d+)/report$", views.endpoint_host_report, + name="endpoint_host_report"), ] diff --git a/dojo/endpoint/utils.py b/dojo/endpoint/utils.py index 75f81e60827..87ef66830fd 100644 --- a/dojo/endpoint/utils.py +++ b/dojo/endpoint/utils.py @@ -11,7 +11,9 @@ from django.urls import reverse from hyperlink._url import SCHEME_PORT_MAP # noqa: PLC2701 +from dojo.location.models import Location from dojo.models import DojoMeta, Endpoint +from dojo.url.models import URL logger = logging.getLogger(__name__) @@ -295,7 +297,7 @@ def save_endpoints_to_add(endpoint_list, product): return processed_endpoints -def endpoint_meta_import(file, product, create_endpoints, create_tags, create_meta, origin="UI", request=None): +def endpoint_meta_import(file, product, create_endpoints, create_tags, create_meta, origin="UI", request=None, object_class=Endpoint): content = file.read() sig = content.decode("utf-8-sig") content = sig.encode("utf-8") @@ -324,9 +326,17 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me if not host: continue - endpoints = Endpoint.objects.filter(host=host, product=product) - if not endpoints.count() and create_endpoints: - endpoints = [Endpoint.objects.create(host=host, product=product)] + # TODO: Delete this after the move to Locations + if object_class == Endpoint: + endpoints = Endpoint.objects.filter(host=host, product=product) + if not endpoints.exists() and create_endpoints: + endpoints = [Endpoint.objects.create(host=host, product=product)] + elif object_class == Location: + endpoints = Location.objects.filter(url__host=host, products__product=product) + if not endpoints.exists() and create_endpoints: + url = URL.get_or_create_from_values(host=host) + url.location.associate_with_product(product) + endpoints = [url.location] meta = [(key, row.get(key)) for key in keys] for endpoint in endpoints: @@ -336,9 +346,15 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me if item[1] is not None and len(item[1]) > 0: if create_meta: # check if meta exists first. Don't want to make duplicate endpoints - dojo_meta, _create = DojoMeta.objects.get_or_create( - endpoint=endpoint, - name=item[0]) + # TODO: Delete this after the move to Locations + if object_class == Endpoint: + dojo_meta = DojoMeta.objects.get_or_create( + endpoint=endpoint, + name=item[0])[0] + elif object_class == Location: + dojo_meta = DojoMeta.objects.get_or_create( + location=endpoint, + name=item[0])[0] dojo_meta.value = item[1] dojo_meta.save() if create_tags: diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index 24735d35f51..f66869d35b2 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -21,9 +21,16 @@ from dojo.endpoint.queries import get_authorized_endpoints_for_queryset from dojo.endpoint.utils import clean_hosts_run, endpoint_meta_import from dojo.filters import EndpointFilter, EndpointFilterWithoutObjectLookups -from dojo.forms import AddEndpointForm, DeleteEndpointForm, DojoMetaDataForm, EditEndpointForm, ImportEndpointMetaForm +from dojo.forms import ( + AddEndpointForm, + DeleteEndpointForm, + DojoMetaFormSet, + EditEndpointForm, + ImportEndpointMetaForm, +) from dojo.models import DojoMeta, Endpoint, Endpoint_Status, Finding, Product from dojo.query_utils import build_count_subquery +from dojo.reports.views import generate_report from dojo.utils import ( Product_Tab, add_breadcrumb, @@ -52,7 +59,7 @@ def process_endpoints_view(request, *, host_view=False, vulnerable=False): endpoints = Endpoint.objects.all() endpoints = endpoints.prefetch_related("product", "product__tags", "tags").distinct() - endpoints = get_authorized_endpoints_for_queryset(Permissions.Endpoint_View, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_View, endpoints, request.user) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter if host_view: @@ -167,17 +174,17 @@ def process_endpoint_view(request, eid, *, host_view=False): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") def view_endpoint(request, eid): return process_endpoint_view(request, eid, host_view=False) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") def view_endpoint_host(request, eid): return process_endpoint_view(request, eid, host_view=True) -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") +@user_is_authorized(Endpoint, Permissions.Location_Edit, "eid") def edit_endpoint(request, eid): endpoint = get_object_or_404(Endpoint, id=eid) @@ -205,7 +212,7 @@ def edit_endpoint(request, eid): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_Delete, "eid") +@user_is_authorized(Endpoint, Permissions.Location_Delete, "eid") def delete_endpoint(request, eid): endpoint = get_object_or_404(Endpoint, pk=eid) product = endpoint.product @@ -240,7 +247,7 @@ def delete_endpoint(request, eid): }) -@user_is_authorized(Product, Permissions.Endpoint_Add, "pid") +@user_is_authorized(Product, Permissions.Location_Add, "pid") def add_endpoint(request, pid): product = get_object_or_404(Product, id=pid) template = "dojo/add_endpoint.html" @@ -273,7 +280,7 @@ def add_product_endpoint(request): if request.method == "POST": form = AddEndpointForm(request.POST) if form.is_valid(): - user_has_permission_or_403(request.user, form.product, Permissions.Endpoint_Add) + user_has_permission_or_403(request.user, form.product, Permissions.Location_Add) endpoints = form.save() tags = request.POST.get("tags") for e in endpoints: @@ -292,64 +299,29 @@ def add_product_endpoint(request): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") -def add_meta_data(request, eid): - endpoint = Endpoint.objects.get(id=eid) - if request.method == "POST": - form = DojoMetaDataForm(request.POST, instance=DojoMeta(endpoint=endpoint)) - if form.is_valid(): - form.save() - messages.add_message(request, - messages.SUCCESS, - "Metadata added successfully.", - extra_tags="alert-success") - if "add_another" in request.POST: - return HttpResponseRedirect(reverse("add_endpoint_meta_data", args=(eid,))) - return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) - else: - form = DojoMetaDataForm() - - add_breadcrumb(parent=endpoint, title="Add Metadata", top_level=False, request=request) - product_tab = Product_Tab(endpoint.product, "Add Metadata", tab="endpoints") - return render(request, - "dojo/add_endpoint_meta_data.html", - {"form": form, - "product_tab": product_tab, - "endpoint": endpoint, - }) - - -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") -def edit_meta_data(request, eid): +@user_is_authorized(Endpoint, Permissions.Location_Edit, "eid") +def manage_meta_data(request, eid): endpoint = Endpoint.objects.get(id=eid) + meta_data_query = DojoMeta.objects.filter(endpoint=endpoint) + form_mapping = {"endpoint": endpoint} + formset = DojoMetaFormSet(queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) if request.method == "POST": - for key, orig_value in request.POST.items(): - if key.startswith("cfv_"): - cfv_id = int(key.split("_")[1]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - - value = orig_value.strip() - if value: - cfv.value = value - cfv.save() - if key.startswith("delete_"): - cfv_id = int(key.split("_")[2]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - cfv.delete() - - messages.add_message(request, - messages.SUCCESS, - "Metadata edited successfully.", - extra_tags="alert-success") - return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) + formset = DojoMetaFormSet(request.POST, queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) + if formset.is_valid(): + formset.save() + messages.add_message( + request, messages.SUCCESS, "Metadata updated successfully.", extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) + add_breadcrumb(parent=endpoint, title="Manage Metadata", top_level=False, request=request) product_tab = Product_Tab(endpoint.product, "Edit Metadata", tab="endpoints") - return render(request, - "dojo/edit_endpoint_meta_data.html", - {"endpoint": endpoint, - "product_tab": product_tab, - }) + return render( + request, + "dojo/edit_metadata.html", + {"formset": formset, "product_tab": product_tab}, + ) # bulk mitigate and delete are combined, so we can't have the nice user_is_authorized decorator @@ -363,9 +335,9 @@ def endpoint_bulk_update_all(request, pid=None): if pid is not None: product = get_object_or_404(Product, id=pid) - user_has_permission_or_403(request.user, product, Permissions.Endpoint_Delete) + user_has_permission_or_403(request.user, product, Permissions.Location_Delete) - endpoints = get_authorized_endpoints_for_queryset(Permissions.Endpoint_Delete, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_Delete, endpoints, request.user) skipped_endpoint_count = total_endpoint_count - endpoints.count() deleted_endpoint_count = endpoints.count() @@ -389,7 +361,7 @@ def endpoint_bulk_update_all(request, pid=None): product = get_object_or_404(Product, id=pid) user_has_permission_or_403(request.user, product, Permissions.Finding_Edit) - endpoints = get_authorized_endpoints_for_queryset(Permissions.Endpoint_Edit, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_Edit, endpoints, request.user) skipped_endpoint_count = total_endpoint_count - endpoints.count() updated_endpoint_count = endpoints.count() @@ -484,7 +456,7 @@ def migrate_endpoints_view(request): }) -@user_is_authorized(Product, Permissions.Endpoint_Edit, "pid") +@user_is_authorized(Product, Permissions.Location_Edit, "pid") def import_endpoint_meta(request, pid): product = get_object_or_404(Product, id=pid) form = ImportEndpointMetaForm() @@ -517,3 +489,15 @@ def import_endpoint_meta(request, pid): "product_tab": product_tab, "form": form, }) + + +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") +def endpoint_report(request, eid): + endpoint = get_object_or_404(Endpoint, id=eid) + return generate_report(request, endpoint, host_view=False) + + +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") +def endpoint_host_report(request, eid): + endpoint = get_object_or_404(Endpoint, id=eid) + return generate_report(request, endpoint, host_view=True) diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index 405f3953347..4eb5398cb61 100644 --- a/dojo/engagement/views.py +++ b/dojo/engagement/views.py @@ -73,6 +73,8 @@ ) from dojo.importers.base_importer import BaseImporter from dojo.importers.default_importer import DefaultImporter +from dojo.location.models import Location +from dojo.location.utils import save_locations_to_add from dojo.models import ( Check_List, Cred_Mapping, @@ -848,11 +850,18 @@ def handle_request( ) # Get the product tab and any additional custom breadcrumbs product_tab, custom_breadcrumb = self.get_product_tab(product, engagement) + + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(products__product_id=product_tab.product.id) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product__id=product_tab.product.id) + # Get the import form with some initial data in place form = self.get_form( request, environment=environment, - endpoints=Endpoint.objects.filter(product__id=product_tab.product.id), + endpoints=endpoints, api_scan_configuration=Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id), ) # Get the credential mapping form @@ -1013,10 +1022,17 @@ def process_form( if close_old_findings_product_scope := form.cleaned_data.get("close_old_findings_product_scope", None): context["close_old_findings_product_scope"] = close_old_findings_product_scope context["close_old_findings"] = True - # Save newly added endpoints - added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, context.get("engagement").product) - endpoints_from_form = list(form.cleaned_data["endpoints"]) - context["endpoints_to_add"] = endpoints_from_form + added_endpoints + if settings.V3_FEATURE_LOCATIONS: + # Save newly added locations + added_locations = save_locations_to_add(form.endpoints_to_add_list) + locations_from_form = [location.url for location in form.cleaned_data["endpoints"]] + context["endpoints_to_add"] = locations_from_form + added_locations + else: + # TODO: Delete this after the move to Locations + # Save newly added endpoints + added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, context.get("engagement").product) + endpoints_from_form = list(form.cleaned_data["endpoints"]) + context["endpoints_to_add"] = endpoints_from_form + added_endpoints # Override the form values of active and verified if activeChoice := form.cleaned_data.get("active", None): if activeChoice == "force_to_true": diff --git a/dojo/filters.py b/dojo/filters.py index adb4d0d6825..2013f731c5e 100644 --- a/dojo/filters.py +++ b/dojo/filters.py @@ -55,6 +55,7 @@ from dojo.finding.queries import get_authorized_findings_for_queryset from dojo.finding_group.queries import get_authorized_finding_groups_for_queryset from dojo.labels import get_labels +from dojo.location.status import FindingLocationStatus, ProductLocationStatus from dojo.models import ( EFFORT_FOR_FIXING_CHOICES, ENGAGEMENT_STATUS_CHOICES, @@ -522,6 +523,34 @@ def get_finding_filterset_fields(*, metrics=False, similar=False, filter_string_ return fields +def filter_endpoints_base(queryset, name, value, statuses=None, host=None): + """ + Apply `endpoints` filter, and if location_status or host + are present, combine them on the same row. + """ + filters_kwargs = {"locations__location": value} + if statuses: + filters_kwargs["locations__status__in"] = statuses + if host: + filters_kwargs["locations__location__url__host__icontains"] = host + + return queryset.filter(**filters_kwargs) + + +def filter_endpoints_host_base(queryset, name, value, statuses=None, endpoint_id=None): + """ + Apply `endpoints__host` filter, and if endpoints or location_status + are present, combine them on the same row. + """ + filters_kwargs = {"locations__location__url__host__icontains": value} + if endpoint_id: + filters_kwargs["locations__location"] = endpoint_id + if statuses: + filters_kwargs["locations__status__in"] = statuses + + return queryset.filter(**filters_kwargs) + + class FindingTagFilter(DojoFilter): tag = CharFilter( field_name="tags__name", @@ -1359,6 +1388,35 @@ class ProductFilterHelper(FilterSet): not_tag = CharFilter(field_name="tags__name", lookup_expr="icontains", label="Not tag name contains", exclude=True) outside_of_sla = ProductSLAFilter(label="Outside of SLA") has_tags = BooleanFilter(field_name="tags", lookup_expr="isnull", exclude=True, label="Has tags") + if settings.V3_FEATURE_LOCATIONS: + location_status = MultipleChoiceFilter( + field_name="locations__status", + choices=ProductLocationStatus.choices, + help_text="Status of the Location from the Products relationship", + ) + endpoints__host = CharFilter( + field_name="locations__location__url__host", method="filter_endpoints_host", label="Endpoint Host", + ) + endpoints = NumberFilter(field_name="locations__location", method="filter_endpoints", widget=HiddenInput()) + + def filter_endpoints_host(self, queryset, name, value): + return filter_endpoints_host_base( + queryset, + name, + value, + endpoint_id=self.data.get("endpoints"), + statuses=self.data.getlist("location_status"), + ) + + def filter_endpoints(self, queryset, name, value): + return filter_endpoints_base( + queryset, + name, + value, + statuses=self.data.getlist("location_status"), + host=self.data.get("endpoints__host"), + ) + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1447,6 +1505,13 @@ class Meta: class ApiDojoMetaFilter(DojoFilter): name_case_insensitive = CharFilter(field_name="name", lookup_expr="iexact") value_case_insensitive = CharFilter(field_name="value", lookup_expr="iexact") + endpoint = NumberFilter(field_name="location__products__id", lookup_expr="exact") + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + self.filters["endpoint"] = NumberFilter(field_name="endpoint", lookup_expr="exact") class Meta: model = DojoMeta @@ -1454,6 +1519,7 @@ class Meta: "id", "product", "endpoint", + "location", "finding", "name", "value", @@ -1773,18 +1839,48 @@ class FindingFilterHelper(FilterSet): param = CharFilter(lookup_expr="icontains") payload = CharFilter(lookup_expr="icontains") test__test_type = ModelMultipleChoiceFilter(queryset=Test_Type.objects.all(), label="Test Type") - endpoints__host = CharFilter(lookup_expr="icontains", label="Endpoint Host") service = CharFilter(lookup_expr="icontains") test__engagement__version = CharFilter(lookup_expr="icontains", label="Engagement Version") test__version = CharFilter(lookup_expr="icontains", label="Test Version") risk_acceptance = ReportRiskAcceptanceFilter(label="Risk Accepted") effort_for_fixing = MultipleChoiceFilter(choices=EFFORT_FOR_FIXING_CHOICES) test_import_finding_action__test_import = NumberFilter(widget=HiddenInput()) - endpoints = NumberFilter(widget=HiddenInput()) status = FindingStatusFilter(label="Status") test__engagement__product__lifecycle = MultipleChoiceFilter( choices=Product.LIFECYCLE_CHOICES, label=labels.ASSET_LIFECYCLE_LABEL) + if settings.V3_FEATURE_LOCATIONS: + location_status = MultipleChoiceFilter( + field_name="locations__status", + choices=FindingLocationStatus.choices, + help_text="Status of the Location from the Findings relationship", + ) + endpoints__host = CharFilter( + field_name="locations__location__url__host", method="filter_endpoints_host", label="Endpoint Host", + ) + endpoints = NumberFilter(field_name="locations__location", method="filter_endpoints", widget=HiddenInput()) + + def filter_endpoints_host(self, queryset, name, value): + return filter_endpoints_host_base( + queryset, + name, + value, + endpoint_id=self.data.get("endpoints"), + statuses=self.data.getlist("location_status"), + ) + + def filter_endpoints(self, queryset, name, value): + return filter_endpoints_base( + queryset, + name, + value, + statuses=self.data.getlist("location_status"), + host=self.data.get("endpoints__host"), + ) + else: + # TODO: Delete this after the move to Locations + endpoints__host = CharFilter(lookup_expr="icontains", label="Endpoint Host") + endpoints = NumberFilter(widget=HiddenInput()) has_component = BooleanFilter( field_name="component_name", @@ -2751,7 +2847,7 @@ def __init__(self, *args, **kwargs): @property def qs(self): parent = super().qs - return get_authorized_endpoints_for_queryset(Permissions.Endpoint_View, parent) + return get_authorized_endpoints_for_queryset(Permissions.Location_View, parent) class Meta: model = Endpoint @@ -2892,7 +2988,7 @@ def __init__(self, *args, **kwargs): @property def qs(self): parent = super().qs - return get_authorized_endpoints_for_queryset(Permissions.Endpoint_View, parent) + return get_authorized_endpoints_for_queryset(Permissions.Location_View, parent) class Meta: model = Endpoint diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py index eb8baf40db0..54517108f25 100644 --- a/dojo/finding/deduplication.py +++ b/dojo/finding/deduplication.py @@ -156,9 +156,9 @@ def set_duplicate(new_finding, existing_finding): # existing_finding.found_by.add(new_finding.test.test_type) logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save() + super(Finding, new_finding).save(skip_validation=True) logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save() + super(Finding, existing_finding).save(skip_validation=True) def is_duplicate_reopen(new_finding, existing_finding) -> bool: @@ -208,12 +208,48 @@ def are_urls_equal(url1, url2, fields): return True -def are_endpoints_duplicates(new_finding, to_duplicate_finding): +def finding_locations(finding): + return [ref.location.url for ref in finding.locations.all()] + + +def are_location_urls_equal(url1, url2, fields): + deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) + for field in fields: + if (field == "scheme" and url1.protocol != url2.protocol) or (field == "host" and url1.host != url2.host): + return False + if (field == "port" and url1.port != url2.port) or (field == "path" and url1.path != url2.path) or ( + field == "query" and url1.query != url2.query) or ( + field == "fragment" and url1.fragment != url2.fragment) or ( + field == "userinfo" and url1.user_info != url2.user_info): + return False + return True + + +def are_locations_duplicates(new_finding, to_duplicate_finding): fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS if len(fields) == 0: deduplicationLogger.debug("deduplication by endpoint fields is disabled") return True + if settings.V3_FEATURE_LOCATIONS: + list1 = finding_locations(new_finding) + list2 = finding_locations(to_duplicate_finding) + + deduplicationLogger.debug( + f"Starting deduplication by location fields for finding {new_finding.id} with locations {list1} and finding {to_duplicate_finding.id} with locations {list2}", + ) + + if list1 == [] and list2 == []: + return True + + for l1 in list1: + for l2 in list2: + if are_location_urls_equal(l1, l2, fields): + return True + + deduplicationLogger.debug(f"locations are not duplicates: {new_finding.id} and {to_duplicate_finding.id}") + return False + # TODO: Delete this after the move to Locations list1 = get_endpoints_as_url(new_finding) list2 = get_endpoints_as_url(to_duplicate_finding) @@ -471,7 +507,7 @@ def get_matches_from_hash_candidates(new_finding, candidates_by_hash) -> Iterato if is_deduplication_on_engagement_mismatch(new_finding, candidate): deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - if are_endpoints_duplicates(new_finding, candidate): + if are_locations_duplicates(new_finding, candidate): yield candidate @@ -507,11 +543,11 @@ def get_matches_from_uid_or_hash_candidates(new_finding, candidates_by_uid, cand if is_deduplication_on_engagement_mismatch(new_finding, candidate): deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - if are_endpoints_duplicates(new_finding, candidate): - deduplicationLogger.debug("UID_OR_HASH: endpoints match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) + if are_locations_duplicates(new_finding, candidate): + deduplicationLogger.debug("UID_OR_HASH: locations match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) yield candidate else: - deduplicationLogger.debug("UID_OR_HASH: endpoints mismatch, skipping candidate %s", candidate.id) + deduplicationLogger.debug("UID_OR_HASH: locations mismatch, skipping candidate %s", candidate.id) def get_matches_from_legacy_candidates(new_finding, candidates_by_title, candidates_by_cwe) -> Iterator[Finding]: @@ -532,46 +568,86 @@ def get_matches_from_legacy_candidates(new_finding, candidates_by_title, candida if not _is_candidate_older(new_finding, candidate): continue if is_deduplication_on_engagement_mismatch(new_finding, candidate): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - flag_endpoints = False - flag_line_path = False - - # --------------------------------------------------------- - # 2) If existing and new findings have endpoints: compare them all - # Else look at line+file_path - # (if new finding is not static, do not deduplicate) - # --------------------------------------------------------- - - if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: - list1 = [str(e) for e in new_finding.endpoints.all()] - list2 = [str(e) for e in candidate.endpoints.all()] - if all(x in list1 for x in list2): - deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) - flag_endpoints = True - elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: - if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: - deduplicationLogger.debug("%s: file_path and line match", candidate.id) - flag_line_path = True + if settings.V3_FEATURE_LOCATIONS: + flag_locations = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have locations: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.locations.count() != 0 and new_finding.locations.count() != 0: + list1 = [ref.location.location_value for ref in new_finding.locations.all()] + list2 = [ref.location.location_value for ref in candidate.locations.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing locations are present in new finding", candidate.id) + flag_locations = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug( + "no locations on one of the findings and file_path doesn't match; Deduplication will not occur") else: - deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug( + "no locations on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + + flag_hash = candidate.hash_code == new_finding.hash_code + + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_locations: " + str(flag_locations) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + + if (flag_locations or flag_line_path) and flag_hash: + yield candidate else: - deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) - deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) - deduplicationLogger.debug("find.file_path: %s", candidate.file_path) - deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) - deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + # TODO: Delete this after the move to Locations + flag_endpoints = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have endpoints: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: + list1 = [str(e) for e in new_finding.endpoints.all()] + list2 = [str(e) for e in candidate.endpoints.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) + flag_endpoints = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + else: + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") - flag_hash = candidate.hash_code == new_finding.hash_code + flag_hash = candidate.hash_code == new_finding.hash_code - deduplicationLogger.debug( - "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) - + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) - if (flag_endpoints or flag_line_path) and flag_hash: - yield candidate + if (flag_endpoints or flag_line_path) and flag_hash: + yield candidate def _dedupe_batch_hash_code(findings): diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index 908afee38b9..51c65553742 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -24,6 +24,9 @@ do_dedupe_finding_task_internal, get_finding_models_for_deduplication, ) +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.location.utils import save_locations_to_add from dojo.models import ( Endpoint, Endpoint_Status, @@ -38,6 +41,7 @@ from dojo.notes.helper import delete_related_notes from dojo.notifications.helper import create_notification from dojo.tools import tool_issue_updater +from dojo.url.models import URL from dojo.utils import ( calculate_grade, close_external_issue, @@ -695,7 +699,7 @@ def fix_loop_duplicates(): for f in new_originals: deduplicationLogger.info(f"New Original: {f.id}") f.duplicate = False - super(Finding, f).save() + super(Finding, f).save(skip_validation=True) loop_count = Finding.objects.filter(duplicate_finding__isnull=False, original_finding__isnull=False).count() deduplicationLogger.info(f"{loop_count} Finding found which still has Loops, please run fix loop duplicates again") @@ -716,7 +720,7 @@ def removeLoop(finding_id, counter): # loop fully removed finding.duplicate_finding = None # duplicate remains True, will be set to False in fix_loop_duplicates (and logged as New Original?). - super(Finding, finding).save() + super(Finding, finding).save(skip_validation=True) return # Only modify the findings if the original ID is lower to get the oldest finding as original @@ -730,31 +734,53 @@ def removeLoop(finding_id, counter): if real_original in finding.original_finding.all(): # remove the original from the duplicate list if it is there finding.original_finding.remove(real_original) - super(Finding, finding).save() + super(Finding, finding).save(skip_validation=True) if counter <= 0: # Maximum recursion depth as safety method to circumvent recursion here return for f in finding.original_finding.all(): # for all duplicates set the original as their original, get rid of self in between f.duplicate_finding = real_original - super(Finding, f).save() - super(Finding, real_original).save() + super(Finding, f).save(skip_validation=True) + super(Finding, real_original).save(skip_validation=True) removeLoop(f.id, counter - 1) -def add_endpoints(new_finding, form): - added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, new_finding.test.engagement.product) - endpoint_ids = [endpoint.id for endpoint in added_endpoints] +def add_locations(finding, form): + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, finding.test.engagement.product) + endpoint_ids = [endpoint.id for endpoint in added_endpoints] - # Merge form endpoints with existing endpoints (don't replace) - form_endpoints = form.cleaned_data.get("endpoints", Endpoint.objects.none()) - new_endpoints = Endpoint.objects.filter(id__in=endpoint_ids) - new_finding.endpoints.set(form_endpoints | new_endpoints | new_finding.endpoints.all()) + # Merge form endpoints with existing endpoints (don't replace) + form_endpoints = form.cleaned_data.get("endpoints", Endpoint.objects.none()) + new_endpoints = Endpoint.objects.filter(id__in=endpoint_ids) + finding.endpoints.set(form_endpoints | new_endpoints | finding.endpoints.all()) - for endpoint in new_finding.endpoints.all(): - _eps, _created = Endpoint_Status.objects.get_or_create( - finding=new_finding, - endpoint=endpoint, defaults={"date": form.cleaned_data["date"] or timezone.now()}) + for endpoint in finding.endpoints.all(): + _eps, _created = Endpoint_Status.objects.get_or_create( + finding=finding, + endpoint=endpoint, defaults={"date": form.cleaned_data["date"] or timezone.now()}) + + return set(finding.endpoints.all()) + + added_locations = save_locations_to_add(form.endpoints_to_add_list) + location_ids = [abstract_location.location.id for abstract_location in added_locations] + + new_locations = Location.objects.filter(id__in=location_ids) + form_locations = form.cleaned_data.get("endpoints", Location.objects.none()) + + if date := form.cleaned_data.get("date"): + audit_time = timezone.make_aware(datetime(date.year, date.month, date.day)) + else: + audit_time = timezone.now() + + locations_to_associate = (form_locations | new_locations).distinct() + + for location in locations_to_associate: + location.associate_with_finding(finding, audit_time=audit_time) + + return set(locations_to_associate) def sanitize_vulnerability_ids(vulnerability_ids) -> None: @@ -914,21 +940,26 @@ def get_value(field_name, default=None): product = finding.test.engagement.product for endpoint_url in endpoint_urls: try: - endpoint = Endpoint.from_uri(endpoint_url) - ep, _ = endpoint_get_or_create( - protocol=endpoint.protocol, - host=endpoint.host, - port=endpoint.port, - path=endpoint.path, - query=endpoint.query, - fragment=endpoint.fragment, - product=product, - ) - Endpoint_Status.objects.get_or_create( - finding=finding, - endpoint=ep, - defaults={"date": finding.date or timezone.now()}, - ) + if settings.V3_FEATURE_LOCATIONS: + saved_url = URL.create_location_from_value(endpoint_url) + saved_url.location.associate_with_finding(finding) + else: + # TODO: Delete this after the move to Locations + endpoint = Endpoint.from_uri(endpoint_url) + ep, _ = endpoint_get_or_create( + protocol=endpoint.protocol, + host=endpoint.host, + port=endpoint.port, + path=endpoint.path, + query=endpoint.query, + fragment=endpoint.fragment, + product=product, + ) + Endpoint_Status.objects.get_or_create( + finding=finding, + endpoint=ep, + defaults={"date": finding.date or timezone.now()}, + ) except Exception as e: logger.warning(f"Failed to parse endpoint URL '{endpoint_url}': {e}") @@ -1006,13 +1037,19 @@ def close_finding( ) finding.notes.add(new_note) - # Endpoint statuses - for status in finding.status_finding.all(): - status.mitigated_by = finding.mitigated_by - status.mitigated_time = mitigated_date - status.mitigated = True - status.last_modified = current_time - status.save() + if settings.V3_FEATURE_LOCATIONS: + # Related locations + for ref in finding.locations.all(): + ref.set_status(FindingLocationStatus.Mitigated, finding.mitigated_by, mitigated_date) + else: + # TODO: Delete this after the move to Locations + # Endpoint statuses + for status in finding.status_finding.all(): + status.mitigated_by = finding.mitigated_by + status.mitigated_time = mitigated_date + status.mitigated = True + status.last_modified = current_time + status.save() # Risk acceptance ra_helper.risk_unaccept(user, finding, perform_save=False) diff --git a/dojo/finding/queries.py b/dojo/finding/queries.py index adca2ef3bdf..7044f3347ec 100644 --- a/dojo/finding/queries.py +++ b/dojo/finding/queries.py @@ -1,12 +1,14 @@ import logging -from functools import partial from crum import get_current_user -from django.db.models import OuterRef, Q, Subquery, Value -from django.db.models.functions import Coalesce +from django.conf import settings +from django.db.models import Case, CharField, Count, Exists, F, Q, Subquery, Value, When +from django.db.models.functions import Concat from django.db.models.query import Prefetch, QuerySet from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission +from dojo.location.models import LocationFindingReference +from dojo.location.status import FindingLocationStatus from dojo.models import ( IMPORT_UNTOUCHED_FINDING, Endpoint_Status, @@ -19,7 +21,6 @@ Test_Import_Finding_Action, Vulnerability_Id, ) -from dojo.query_utils import build_count_subquery from dojo.request_cache import cache_for_request logger = logging.getLogger(__name__) @@ -286,23 +287,110 @@ def prefetch_for_findings(findings, prefetch_type="all", *, exclude_untouched=Tr else: prefetched_findings = prefetched_findings.prefetch_related("test_import_finding_action_set") - # Standard prefetches - prefetched_findings = prefetched_findings.prefetch_related( - "notes", - "tags", - "endpoints", - "status_finding", - "finding_group_set", - "finding_group_set__jira_issue", # Include both variants - "test__engagement__product__members", - "test__engagement__product__prod_type__members", - "vulnerability_id_set", - ) - # Endpoint counts using optimized subqueries - base_status = Endpoint_Status.objects.filter(finding_id=OuterRef("pk")) - count_subquery = partial(build_count_subquery, group_field="finding_id") - return prefetched_findings.annotate( - active_endpoint_count=Coalesce(count_subquery(base_status.filter(mitigated=False)), Value(0)), - mitigated_endpoint_count=Coalesce(count_subquery(base_status.filter(mitigated=True)), Value(0)), - ) + if settings.V3_FEATURE_LOCATIONS: + # Standard prefetches + prefetched_findings = prefetched_findings.prefetch_related( + "notes", + "tags", + "locations__location__url", + "status_finding", + "finding_group_set", + "finding_group_set__jira_issue", # Include both variants + "test__engagement__product__members", + "test__engagement__product__prod_type__members", + "vulnerability_id_set", + ) + base_status = LocationFindingReference.objects.prefetch_related("location__url").all() + prefetched_findings = prefetched_findings.annotate( + has_endpoints=Exists(base_status), + active_endpoint_count=Count( + "locations", + filter=Q(locations__status=FindingLocationStatus.Active), + distinct=True, + ), + mitigated_endpoint_count=Count( + "locations", + filter=(~Q(locations__status=FindingLocationStatus.Active)), + distinct=True, + ), + ).prefetch_related( + Prefetch( + "locations", + queryset=base_status.filter(status=FindingLocationStatus.Active).annotate(is_broken=F("location__url__host_validation_failure"), object_id=F("location__id")).order_by("audit_time"), + to_attr="active_endpoints", + ), + Prefetch( + "locations", + queryset=base_status.filter(~Q(status=FindingLocationStatus.Active)).annotate(is_broken=F("location__url__host_validation_failure"), object_id=F("location__id")).order_by("audit_time"), + to_attr="mitigated_endpoints", + ), + ) + else: + # Standard prefetches + prefetched_findings = prefetched_findings.prefetch_related( + "notes", + "tags", + "endpoints", + "status_finding", + "finding_group_set", + "finding_group_set__jira_issue", # Include both variants + "test__engagement__product__members", + "test__engagement__product__prod_type__members", + "vulnerability_id_set", + ) + base_status = Endpoint_Status.objects.prefetch_related("endpoint") + status = Case( + When( + Q(false_positive=True) | Q(risk_accepted=True) | Q(out_of_scope=True) | Q(mitigated=True), + then=Concat( + Case(When(false_positive=True, then=Value("False Positive, ")), default=Value("")), + Case(When(risk_accepted=True, then=Value("Risk Accepted, ")), default=Value("")), + Case(When(out_of_scope=True, then=Value("Out of Scope, ")), default=Value("")), + Case(When(mitigated=True, then=Value("Mitigated, ")), default=Value("")), + output_field=CharField(), + ), + ), + default=Value("Active"), + output_field=CharField(), + ) + prefetched_findings = prefetched_findings.annotate( + has_endpoints=Exists(base_status), + active_endpoint_count=Count( + "status_finding", + filter=Q( + status_finding__mitigated=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + ), + distinct=True, + ), + mitigated_endpoint_count=Count( + "status_finding", + filter=( + Q(status_finding__mitigated=True) + | Q(status_finding__false_positive=True) + | Q(status_finding__out_of_scope=True) + | Q(status_finding__risk_accepted=True) + ), + distinct=True, + ), + ).prefetch_related( + Prefetch( + "status_finding", + queryset=base_status.filter( + mitigated=False, false_positive=False, out_of_scope=False, risk_accepted=False, + ).annotate(status=status, object_id=F("endpoint__id")).order_by("last_modified"), + to_attr="active_endpoints", + ), + Prefetch( + "status_finding", + queryset=base_status.filter( + Q(mitigated=True) | Q(false_positive=True) | Q(out_of_scope=True) | Q(risk_accepted=True), + ).annotate(status=status, object_id=F("endpoint__id")).order_by("mitigated_time"), + to_attr="mitigated_endpoints", + ), + ) + + return prefetched_findings diff --git a/dojo/finding/views.py b/dojo/finding/views.py index da6f34e3f09..3269f92902a 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py @@ -72,6 +72,7 @@ StubFindingForm, TypedNoteForm, ) +from dojo.location.status import FindingLocationStatus from dojo.models import ( IMPORT_UNTOUCHED_FINDING, BurpRawRequestResponse, @@ -428,7 +429,7 @@ def get(self, request: HttpRequest, product_id: int | None = None, engagement_id class ViewFinding(View): def get_finding(self, finding_id: int): - finding_qs = prefetch_for_findings(Finding.objects.all(), exclude_untouched=False) + finding_qs = prefetch_for_findings(Finding.objects.filter(id=finding_id), exclude_untouched=False) return get_object_or_404(finding_qs, id=finding_id) def get_dojo_user(self, request: HttpRequest): @@ -853,17 +854,27 @@ def process_mitigated_data(self, request: HttpRequest, finding: Finding, context ) and context["form"]["duplicate"].value() is False): now = timezone.now() finding.is_mitigated = True - endpoint_status = finding.status_finding.all() - for status in endpoint_status: - status.mitigated_by = ( - context["form"].cleaned_data.get("mitigated_by") or request.user - ) - status.mitigated_time = ( - context["form"].cleaned_data.get("mitigated") or now - ) - status.mitigated = True - status.last_modified = timezone.now() - status.save() + + if settings.V3_FEATURE_LOCATIONS: + for ref in finding.locations.all(): + ref.set_status( + FindingLocationStatus.Mitigated, + context["form"].cleaned_data.get("mitigated_by") or request.user, + context["form"].cleaned_data.get("mitigated") or now, + ) + else: + # TODO: Delete this after the move to Locations + endpoint_status = finding.status_finding.all() + for status in endpoint_status: + status.mitigated_by = ( + context["form"].cleaned_data.get("mitigated_by") or request.user + ) + status.mitigated_time = ( + context["form"].cleaned_data.get("mitigated") or now + ) + status.mitigated = True + status.last_modified = timezone.now() + status.save() def process_false_positive_history(self, finding: Finding): if get_system_setting("false_positive_history", False): @@ -920,13 +931,19 @@ def process_finding_form(self, request: HttpRequest, finding: Finding, context: ra_helper.simple_risk_accept(request.user, new_finding, perform_save=False) elif new_finding.risk_accepted: ra_helper.risk_unaccept(request.user, new_finding, perform_save=False) - # Save and add new endpoints - finding_helper.add_endpoints(new_finding, context["form"]) + # Save and add new locations + associated_locations = finding_helper.add_locations(new_finding, context["form"]) # Remove unrelated endpoints - endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) - for endpoint_status in endpoint_status_list: - if endpoint_status.endpoint not in new_finding.endpoints.all(): - endpoint_status.delete() + if settings.V3_FEATURE_LOCATIONS: + for ref in new_finding.locations.all(): + if ref.location not in associated_locations: + ref.location.disassociate_from_finding(new_finding) + else: + # TODO: Delete this after the move to Locations + endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) + for endpoint_status in endpoint_status_list: + if endpoint_status.endpoint not in new_finding.endpoints.all(): + endpoint_status.delete() # Handle some of the other steps self.process_mitigated_data(request, new_finding, context) self.process_false_positive_history(new_finding) @@ -1305,13 +1322,17 @@ def reopen_finding(request, fid): finding.last_reviewed = finding.mitigated finding.last_reviewed_by = request.user finding.under_review = False - endpoint_status = finding.status_finding.all() - for status in endpoint_status: - status.mitigated_by = None - status.mitigated_time = None - status.mitigated = False - status.last_modified = timezone.now() - status.save() + if settings.V3_FEATURE_LOCATIONS: + for ref in finding.locations.all(): + ref.set_status(FindingLocationStatus.Active, request.user, timezone.now()) + else: + endpoint_status = finding.status_finding.all() + for status in endpoint_status: + status.mitigated_by = None + status.mitigated_time = None + status.mitigated = False + status.last_modified = timezone.now() + status.save() # Clear the risk acceptance, if present ra_helper.risk_unaccept(request.user, finding) finding.save(dedupe_option=False, push_to_jira=False) @@ -2045,7 +2066,7 @@ def promote_to_finding(request, fid): new_finding.save() - finding_helper.add_endpoints(new_finding, form) + finding_helper.add_locations(new_finding, form) push_to_jira = False if jform and jform.is_valid(): diff --git a/dojo/fixtures/defect_dojo_sample_data_locations.json b/dojo/fixtures/defect_dojo_sample_data_locations.json new file mode 100644 index 00000000000..adcfebad8ff --- /dev/null +++ b/dojo/fixtures/defect_dojo_sample_data_locations.json @@ -0,0 +1,93351 @@ +[ +{ + "model": "auth.user", + "fields": { + "password": "argon2$argon2id$v=19$m=102400,t=2,p=8$S2NCTzJ5b0F6SUJPdnVZTXpJVnlDRA$eS/SvwIW7KoVnINE5uzkv5GZ7biJz34gA0WmRlHgqWQ", + "last_login": "2025-02-06T22:39:20.922Z", + "is_superuser": true, + "username": "admin", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": true, + "is_active": true, + "date_joined": "2021-07-02T00:21:09.430Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$XjtRvaEUL7kO$0fHWkPd13aIi6JYD1fadj1Vt1D8zDJCbbSzHFSXDBOw=", + "last_login": "2021-11-05T07:22:26.370Z", + "is_superuser": false, + "username": "product_manager", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-01T07:59:51Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", + "last_login": "2021-07-04T23:13:00.869Z", + "is_superuser": false, + "username": "user2", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-02T00:22:09.558Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "sessions.session", + "pk": "02imfxe3vzf9qqv4nz7zzatmyk7ccwsm", + "fields": { + "session_data": ".eJxVjEFOwzAQRe_idRWS2E6cSgiJBWLDCRCyZjyTxCW1kZ1sqHJ3XFGpsJz_3ryLsLCts90yJ-tJHEUjDn83BPfJ4QroBGGKlYthTR6rq1LdaK7eIvHyfHP_BWbIc_nWgwKtTI3Q907VHaBq-1aRZhpwHCQydugaSYM21DhE08jR9C3UElsNpkQpnqLFxEAubWfM4vh-EatfFy7913jm4mxpKceD2A939OID-TDlOx5_l6cvmNhm_82PUnVi_9h_AEdoWSA:1tYqC0:LSmimZ6BKjaiWqy0GWalABJpfYwXloJl6j0Uyq5H_pM", + "expire_date": "2025-01-31T17:31:36.944Z" + } +}, +{ + "model": "sessions.session", + "pk": "0fy0ogscdoq7gy7k3rsgp39zumcidfu9", + "fields": { + "session_data": "NzEyZjZiNDQ0ZTBkNTllYjE2MjY5OTRmYjBhZjRlNTU1NjIyOTcxZDp7Il9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-12-07T06:07:31.598Z" + } +}, +{ + "model": "sessions.session", + "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", + "fields": { + "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==", + "expire_date": "2021-07-18T23:13:01.138Z" + } +}, +{ + "model": "sessions.session", + "pk": "91he362uu4zzlkmhn3g87fstw6gpb8h9", + "fields": { + "session_data": "NTU0NDNiNWE4YzY2Y2I2ZGQ4ZjQ4ZWM1NTZhZmFmZmEzODI0ODJiMDp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T05:11:08.323Z" + } +}, +{ + "model": "sessions.session", + "pk": "9voht5jb42emoela71zpbqz04ror8xcw", + "fields": { + "session_data": "NjZhNGEzMTYxNjE4OWEzOWMwNWU1Njg0ODg5NTQ4Mzk3N2I0OTVkMzp7ImRvam9fYnJlYWRjcnVtYnMiOm51bGwsIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-30T06:31:13.710Z" + } +}, +{ + "model": "sessions.session", + "pk": "c29i459wf0jkdkluez09s3yjmqos689f", + "fields": { + "session_data": "MzllYzU2NjM4MDcwY2MxNjRiOTI2YzU5NDE1Y2Y2YWE3Y2Q2N2RmODp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVkMDczODI0ZmUyNmMyZDc4M2NjZmVlMjU2YTI4OWU1NTFiOTVhYTUiLCJfYXV0aF91c2VyX2lkIjoiMSIsIl9hdXRoX3VzZXJfYmFja2VuZCI6ImRqYW5nby5jb250cmliLmF1dGguYmFja2VuZHMuTW9kZWxCYWNrZW5kIn0=", + "expire_date": "2021-12-07T05:18:56.251Z" + } +}, +{ + "model": "sessions.session", + "pk": "eme9gyi7zn436wzeyoto51egukxj8qy7", + "fields": { + "session_data": ".eJxVjEEOwiAQRe_C2hBgKDAu3fcMZIBRqoYmpV0Z765NutDtf-_9l4i0rTVunZc4FXEWWpx-t0T5wW0H5U7tNss8t3WZktwVedAux7nw83K4fweVev3WjorL2Rob0A5ac4JQfFYKgIkheGJkjaiNHxDRXTUoJA5gKRlQ2Yr3B8_sNxs:1mbNDM:BgL5LziNRBqwTSTO0RrBtCMHXn6G7AB2drrlm17fEdc", + "expire_date": "2025-01-17T05:47:46.263Z" + } +}, +{ + "model": "sessions.session", + "pk": "g0fpchyt0my3n4ks1v2jj0lp3hgsdjgg", + "fields": { + "session_data": ".eJxVjLsOwjAMRf8lc1UCLaFmZGJhYEaocmKHFkoj8piq_jtBQjxG33N8JtFiil2bAvu2J7EVS1H8bhrNjccXoCuOF1caN0bf6_KllG8ayoMjHnZv9y_QYejytwS20GgEuamtUqw0NhZhDUAgFXClDUmLTSXNSpFkIrmqaGNr0gTrqs5RclfXas9Ixqe7DmJ7mkTs48C5v3d3zk7yQz4WYi6-6Jg4xN6N4csfn2k-z0_ReVZ2:1mbNL6:bNhQm1g9-3-4R9g0NeLcUGe06pb69i1dvOQXk_fOGcQ", + "expire_date": "2025-01-17T05:55:46.185Z" + } +}, +{ + "model": "sessions.session", + "pk": "gv3v9rnpgxqswy7lin8p55oqahdeatwu", + "fields": { + "session_data": "Mjk5OGE0MDZiZWZkMzRiZjcxZDg4MWE2M2U4NDM1ZTExOWQ3MGM0ZTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii90ZXN0X3R5cGUiLCJ0aXRsZSI6IlRlc3QgVHlwZSBMaXN0In1dLCJfYXV0aF91c2VyX2hhc2giOiJjOGQxY2IxNDU1NmI5YzYyZmRkMjRlMTEwNDljMjMyNjlkYTgzZDU2IiwiX2F1dGhfdXNlcl9pZCI6IjEiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCJ9", + "expire_date": "2021-11-17T06:33:39.074Z" + } +}, +{ + "model": "sessions.session", + "pk": "hh7aa53kw2wh8y2qjhvhe77nmmgkpprg", + "fields": { + "session_data": ".eJxVjMsOgjAQRX_FdE2QRwvFpSsXmrg3hsx0iqBITR8rw79bowm6nHvOnCdrIfi-DU7bdiC2YTlLfjcEddPTG9AVpotJlZm8HTB9K-mXuvRgSI_br_sX6MH18Vs0HASXGUJdK55VgLyoC05CU4NdU6LGClVeUiMk5QpR5mUn6wKyEgsBMkbJXE2LVgMpG-7o2Ob0ZH7wo479nbnr6AQ7xmPN5mRBR2soKL_aD84vyuOzsvk8vwDdxlXd:1tgAX1:A2cnrBjS-SjpnonsUeWQnNJjfWT79Ahe-2WwfkEvp7c", + "expire_date": "2025-02-20T22:39:35.077Z" + } +}, +{ + "model": "sessions.session", + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", + "fields": { + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-19T22:22:52.744Z" + } +}, +{ + "model": "sessions.session", + "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T07:37:14.206Z" + } +}, +{ + "model": "sessions.session", + "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T12:12:49.262Z" + } +}, +{ + "model": "sessions.session", + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", + "fields": { + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-16T00:21:49.329Z" + } +}, +{ + "model": "sites.site", + "fields": { + "domain": "example.com", + "name": "example.com" + } +}, +{ + "model": "admin.logentry", + "pk": 1, + "fields": { + "action_time": "2021-07-02T00:22:01.258Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "user1", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 2, + "fields": { + "action_time": "2021-07-02T00:22:09.722Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "3", + "object_repr": "user2", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 3, + "fields": { + "action_time": "2021-11-04T08:57:11.661Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 4, + "fields": { + "action_time": "2021-11-04T08:57:21.204Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 5, + "fields": { + "action_time": "2021-11-04T08:57:32.008Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 6, + "fields": { + "action_time": "2021-11-04T08:58:15.735Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 7, + "fields": { + "action_time": "2021-11-04T08:58:43.433Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 8, + "fields": { + "action_time": "2021-11-04T08:58:43.474Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_repr": "DUMMY FINDING", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 9, + "fields": { + "action_time": "2021-11-04T08:58:43.495Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 10, + "fields": { + "action_time": "2021-11-04T08:58:43.501Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 11, + "fields": { + "action_time": "2021-11-04T08:58:43.507Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 12, + "fields": { + "action_time": "2021-11-04T08:58:43.512Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 13, + "fields": { + "action_time": "2021-11-04T09:00:09.825Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "1", + "object_repr": "Java", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 14, + "fields": { + "action_time": "2021-11-04T09:13:05.793Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "4", + "object_repr": "XML", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 15, + "fields": { + "action_time": "2021-11-04T09:14:00.425Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "3", + "object_repr": "JavaScript", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 16, + "fields": { + "action_time": "2021-11-04T09:20:33.497Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_repr": "Tomcat | Bodgeit", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 17, + "fields": { + "action_time": "2021-11-04T13:06:05.480Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "2", + "object_repr": "Python", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 18, + "fields": { + "action_time": "2021-11-05T07:13:16.077Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "1", + "object_repr": "admin", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 19, + "fields": { + "action_time": "2021-11-05T07:13:53.435Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 20, + "fields": { + "action_time": "2021-11-05T07:21:45.543Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" + } +}, +{ + "model": "dojo.regulation", + "pk": 1, + "fields": { + "name": "Payment Card Industry Data Security Standard", + "acronym": "PCI DSS", + "category": "finance", + "jurisdiction": "United States", + "description": "The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.", + "reference": "http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard" + } +}, +{ + "model": "dojo.regulation", + "pk": 2, + "fields": { + "name": "Health Insurance Portability and Accountability Act", + "acronym": "HIPAA", + "category": "medical", + "jurisdiction": "United States", + "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", + "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 3, + "fields": { + "name": "Family Educational Rights and Privacy Act", + "acronym": "FERPA", + "category": "education", + "jurisdiction": "United States", + "description": "The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. Other regulations under this act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses.", + "reference": "http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 4, + "fields": { + "name": "Sarbanes–Oxley Act", + "acronym": "SOX", + "category": "finance", + "jurisdiction": "United States", + "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", + "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 5, + "fields": { + "name": "Gramm–Leach–Bliley Act", + "acronym": "GLBA", + "category": "finance", + "jurisdiction": "United States", + "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", + "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 6, + "fields": { + "name": "Personal Information Protection and Electronic Documents Act", + "acronym": "PIPEDA", + "category": "privacy", + "jurisdiction": "Canada", + "description": "The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.", + "reference": "http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 7, + "fields": { + "name": "Data Protection Act 1998", + "acronym": "DPA", + "category": "privacy", + "jurisdiction": "United Kingdom", + "description": "The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Act_1998" + } +}, +{ + "model": "dojo.regulation", + "pk": 8, + "fields": { + "name": "Children's Online Privacy Protection Act", + "acronym": "COPPA", + "category": "privacy", + "jurisdiction": "United States", + "description": "The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the amount of cash and work involved in the law compliance.", + "reference": "http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 9, + "fields": { + "name": "California Security Breach Information Act", + "acronym": "CA SB-1386", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.", + "reference": "http://en.wikipedia.org/wiki/California_S.B._1386" + } +}, +{ + "model": "dojo.regulation", + "pk": 10, + "fields": { + "name": "California Online Privacy Protection Act", + "acronym": "OPPA", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.", + "reference": "http://en.wikipedia.org/wiki/Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 11, + "fields": { + "name": "Data Protection Directive", + "acronym": "Directive 95/46/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Directive" + } +}, +{ + "model": "dojo.regulation", + "pk": 12, + "fields": { + "name": "Directive on Privacy and Electronic Communications", + "acronym": "Directive 2002/58/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.", + "reference": "http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications" + } +}, +{ + "model": "dojo.regulation", + "pk": 13, + "fields": { + "name": "General Data Protection Regulation", + "acronym": "GDPR", + "category": "privacy", + "jurisdiction": "EU & EU Data Extra-Territorial Applicability", + "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.", + "reference": "https://www.eugdpr.org/" + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 1, + "fields": { + "user": [ + "admin" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 2, + "fields": { + "user": [ + "product_manager" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 3, + "fields": { + "user": [ + "user2" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.role", + "pk": 1, + "fields": { + "name": "API_Importer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 2, + "fields": { + "name": "Writer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 3, + "fields": { + "name": "Maintainer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 4, + "fields": { + "name": "Owner", + "is_owner": true + } +}, +{ + "model": "dojo.role", + "pk": 5, + "fields": { + "name": "Reader", + "is_owner": false + } +}, +{ + "model": "dojo.system_settings", + "pk": 1, + "fields": { + "enable_deduplication": false, + "delete_duplicates": false, + "max_dupes": null, + "email_from": "no-reply@example.com", + "enable_jira": false, + "enable_jira_web_hook": false, + "disable_jira_webhook_secret": false, + "jira_webhook_secret": null, + "jira_minimum_severity": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "enable_github": false, + "enable_slack_notifications": false, + "slack_channel": "", + "slack_token": "", + "slack_username": "", + "enable_msteams_notifications": false, + "msteams_url": "", + "enable_mail_notifications": false, + "mail_notifications_to": "", + "enable_webhooks_notifications": false, + "webhooks_notifications_timeout": 10, + "enforce_verified_status": true, + "enforce_verified_status_jira": true, + "enforce_verified_status_product_grading": true, + "enforce_verified_status_metrics": true, + "false_positive_history": false, + "retroactive_false_positive_history": false, + "url_prefix": "", + "team_name": "", + "enable_product_grade": true, + "product_grade_a": 90, + "product_grade_b": 80, + "product_grade_c": 70, + "product_grade_d": 60, + "product_grade_f": 59, + "enable_product_tag_inheritance": false, + "enable_benchmark": true, + "enable_similar_findings": true, + "engagement_auto_close": false, + "engagement_auto_close_days": 3, + "enable_finding_sla": true, + "enable_notify_sla_active": false, + "enable_notify_sla_active_verified": false, + "enable_notify_sla_jira_only": false, + "enable_notify_sla_exponential_backoff": false, + "allow_anonymous_survey_repsonse": false, + "credentials": "", + "disclaimer_notifications": "", + "disclaimer_reports": "", + "disclaimer_reports_forced": false, + "disclaimer_notes": "", + "risk_acceptance_form_default_days": 180, + "risk_acceptance_notify_before_expiration": 10, + "enable_credentials": true, + "enable_questionnaires": true, + "enable_checklists": true, + "enable_endpoint_metadata_import": true, + "enable_user_profile_editable": true, + "enable_product_tracking_files": true, + "enable_finding_groups": true, + "enable_ui_table_based_searching": true, + "enable_calendar": true, + "enable_cvss3_display": true, + "enable_cvss4_display": true, + "default_group": null, + "default_group_role": null, + "default_group_email_pattern": "", + "minimum_password_length": 9, + "maximum_password_length": 48, + "number_character_required": true, + "special_character_required": true, + "lowercase_character_required": true, + "uppercase_character_required": true, + "non_common_password_required": true, + "api_expose_error_details": false, + "filter_string_matching": false + } +}, +{ + "model": "dojo.product_type", + "pk": 1, + "fields": { + "created": null, + "updated": null, + "name": "Research and Development", + "description": null, + "critical_product": false, + "key_product": false + } +}, +{ + "model": "dojo.product_type", + "pk": 2, + "fields": { + "created": null, + "updated": "2021-11-04T09:27:38.846Z", + "name": "Commerce", + "description": null, + "critical_product": true, + "key_product": false + } +}, +{ + "model": "dojo.product_type", + "pk": 3, + "fields": { + "created": null, + "updated": "2021-11-04T09:27:51.762Z", + "name": "Billing", + "description": null, + "critical_product": false, + "key_product": true + } +}, +{ + "model": "dojo.report_type", + "pk": 1, + "fields": { + "name": "Type 1" + } +}, +{ + "model": "dojo.report_type", + "pk": 2, + "fields": { + "name": "Type 2" + } +}, +{ + "model": "dojo.report_type", + "pk": 3, + "fields": { + "name": "Type 3" + } +}, +{ + "model": "dojo.test_type", + "pk": 1, + "fields": { + "name": "API Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 2, + "fields": { + "name": "Static Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 3, + "fields": { + "name": "Pen Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 4, + "fields": { + "name": "Nessus Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 5, + "fields": { + "name": "Web Application Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 6, + "fields": { + "name": "Security Research", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 7, + "fields": { + "name": "Threat Modeling", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 8, + "fields": { + "name": "Veracode Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 9, + "fields": { + "name": "Burp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 10, + "fields": { + "name": "Nexpose Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 11, + "fields": { + "name": "ZAP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 12, + "fields": { + "name": "Checkmarx Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 13, + "fields": { + "name": "OpenVAS CSV", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 14, + "fields": { + "name": "Bandit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 15, + "fields": { + "name": "SSL Labs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 16, + "fields": { + "name": "AppSpider Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 17, + "fields": { + "name": "Dependency Check Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 18, + "fields": { + "name": "Generic Findings Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 19, + "fields": { + "name": "Nmap Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 20, + "fields": { + "name": "Node Security Platform Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 21, + "fields": { + "name": "Qualys Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 22, + "fields": { + "name": "Qualys Web App Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 23, + "fields": { + "name": "Retire.js Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 24, + "fields": { + "name": "SKF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 25, + "fields": { + "name": "Snyk Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 27, + "fields": { + "name": "Trustwave", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 28, + "fields": { + "name": "VCG Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 29, + "fields": { + "name": "Manual Code Review", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 30, + "fields": { + "name": "Gosec Scanner", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 31, + "fields": { + "name": "NPM Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 32, + "fields": { + "name": "Clair Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 33, + "fields": { + "name": "Acunetix Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 34, + "fields": { + "name": "Acunetix360 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 35, + "fields": { + "name": "Anchore Engine Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 36, + "fields": { + "name": "Anchore Enterprise Policy Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 37, + "fields": { + "name": "Anchore Grype", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 38, + "fields": { + "name": "Aqua Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 39, + "fields": { + "name": "Arachni Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 40, + "fields": { + "name": "AuditJS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 41, + "fields": { + "name": "AWS Prowler Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 42, + "fields": { + "name": "AWS Scout2 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 43, + "fields": { + "name": "AWS Security Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 44, + "fields": { + "name": "Azure Security Center Recommendations Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 45, + "fields": { + "name": "Blackduck Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 46, + "fields": { + "name": "Blackduck Component Risk", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 47, + "fields": { + "name": "Brakeman Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 48, + "fields": { + "name": "BugCrowd Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 49, + "fields": { + "name": "Bundler-Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 50, + "fields": { + "name": "Burp REST API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 51, + "fields": { + "name": "Burp Enterprise Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 52, + "fields": { + "name": "Burp GraphQL API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 53, + "fields": { + "name": "CargoAudit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 54, + "fields": { + "name": "CCVS Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 55, + "fields": { + "name": "Checkmarx Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 56, + "fields": { + "name": "Checkmarx OSA", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 57, + "fields": { + "name": "Checkov Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 58, + "fields": { + "name": "Rusty Hog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 59, + "fields": { + "name": "Clair Klar Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 60, + "fields": { + "name": "Cloudsploit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 61, + "fields": { + "name": "Cobalt.io Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 62, + "fields": { + "name": "Cobalt.io API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 63, + "fields": { + "name": "Contrast Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 64, + "fields": { + "name": "Coverity API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 65, + "fields": { + "name": "Crashtest Security JSON File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 66, + "fields": { + "name": "Crashtest Security XML File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 67, + "fields": { + "name": "CredScan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 68, + "fields": { + "name": "CycloneDX Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 69, + "fields": { + "name": "DawnScanner Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 70, + "fields": { + "name": "Dependency Track Finding Packaging Format (FPF) Export", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 71, + "fields": { + "name": "Detect-secrets Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 72, + "fields": { + "name": "Dockle Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 73, + "fields": { + "name": "DrHeader JSON Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 74, + "fields": { + "name": "DSOP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 75, + "fields": { + "name": "ESLint Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 76, + "fields": { + "name": "Fortify Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 77, + "fields": { + "name": "Github Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 78, + "fields": { + "name": "GitLab API Fuzzing Report Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 79, + "fields": { + "name": "GitLab Container Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 80, + "fields": { + "name": "GitLab DAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 81, + "fields": { + "name": "GitLab Dependency Scanning Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 82, + "fields": { + "name": "GitLab SAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 83, + "fields": { + "name": "GitLab Secret Detection Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 84, + "fields": { + "name": "Gitleaks Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 85, + "fields": { + "name": "HackerOne Cases", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 86, + "fields": { + "name": "Hadolint Dockerfile check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 87, + "fields": { + "name": "Harbor Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 88, + "fields": { + "name": "HuskyCI Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 89, + "fields": { + "name": "IBM AppScan DAST", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 90, + "fields": { + "name": "Immuniweb Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 91, + "fields": { + "name": "IntSights Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 92, + "fields": { + "name": "JFrog Xray Unified Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 93, + "fields": { + "name": "JFrog Xray Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 94, + "fields": { + "name": "KICS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 95, + "fields": { + "name": "Kiuwan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 96, + "fields": { + "name": "kube-bench Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 97, + "fields": { + "name": "Meterian Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 98, + "fields": { + "name": "Microfocus Webinspect Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 99, + "fields": { + "name": "MobSF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 100, + "fields": { + "name": "Mobsfscan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 101, + "fields": { + "name": "Mozilla Observatory Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 102, + "fields": { + "name": "Nessus WAS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 103, + "fields": { + "name": "Netsparker Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 104, + "fields": { + "name": "Nikto Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 105, + "fields": { + "name": "Nuclei Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 106, + "fields": { + "name": "Openscap Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 107, + "fields": { + "name": "ORT evaluated model Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 108, + "fields": { + "name": "OssIndex Devaudit SCA Scan Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 109, + "fields": { + "name": "Outpost24 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 110, + "fields": { + "name": "PHP Security Audit v2", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 111, + "fields": { + "name": "PHP Symfony Security Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 112, + "fields": { + "name": "PMD Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 113, + "fields": { + "name": "Qualys Infrastructure Scan (WebGUI XML)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 114, + "fields": { + "name": "Qualys Webapp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 115, + "fields": { + "name": "Risk Recon API Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 117, + "fields": { + "name": "SARIF", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 118, + "fields": { + "name": "Scantist Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 119, + "fields": { + "name": "Scout Suite Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 120, + "fields": { + "name": "Semgrep JSON Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 121, + "fields": { + "name": "SonarQube Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 122, + "fields": { + "name": "SonarQube Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 123, + "fields": { + "name": "SonarQube API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 124, + "fields": { + "name": "Sonatype Application Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 125, + "fields": { + "name": "SpotBugs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 126, + "fields": { + "name": "Sslscan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 127, + "fields": { + "name": "SSLyze Scan (JSON)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 128, + "fields": { + "name": "Sslyze Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 129, + "fields": { + "name": "Terrascan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 130, + "fields": { + "name": "Testssl Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 131, + "fields": { + "name": "TFSec Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 132, + "fields": { + "name": "Trivy Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 133, + "fields": { + "name": "Trufflehog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 134, + "fields": { + "name": "Trufflehog3 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 135, + "fields": { + "name": "Trustwave Scan (CSV)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 136, + "fields": { + "name": "Trustwave Fusion API Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 137, + "fields": { + "name": "Twistlock Image Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 138, + "fields": { + "name": "Wapiti Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 139, + "fields": { + "name": "WFuzz JSON report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 140, + "fields": { + "name": "WhiteHat Sentinel", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 141, + "fields": { + "name": "Mend Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 142, + "fields": { + "name": "Wpscan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 143, + "fields": { + "name": "Xanitizer Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 144, + "fields": { + "name": "Yarn Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 149, + "fields": { + "name": "JFrog Xray On Demand Binary Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.sla_configuration", + "pk": 1, + "fields": { + "name": "Default", + "description": "The Default SLA Configuration. Products not using an explicit SLA Configuration will use this one.", + "critical": 7, + "enforce_critical": true, + "high": 30, + "enforce_high": true, + "medium": 90, + "enforce_medium": true, + "low": 120, + "enforce_low": true, + "restart_sla_on_reactivation": false, + "async_updating": false + } +}, +{ + "model": "dojo.tagulous_product_tags", + "pk": 1, + "fields": { + "name": "retire", + "slug": "retire", + "count": 1, + "protected": false + } +}, +{ + "model": "dojo.product", + "pk": 1, + "fields": { + "created": null, + "updated": "2025-01-17T16:52:28.298Z", + "name": "BodgeIt", + "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "product_manager" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 5, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "internal", + "user_records": 1000000000, + "revenue": "1000.00", + "external_audience": true, + "internet_accessible": true, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 13, + 1 + ], + "tags": [ + "retire" + ] + } +}, +{ + "model": "dojo.product", + "pk": 2, + "fields": { + "created": null, + "updated": "2025-01-17T16:52:28.346Z", + "name": "Internal CRM App", + "description": "* New product in development that attempts to follow all best practices", + "product_manager": [ + "product_manager" + ], + "technical_contact": [ + "product_manager" + ], + "team_manager": [ + "user2" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 51, + "business_criticality": "medium", + "platform": "web", + "lifecycle": "construction", + "origin": "internal", + "user_records": null, + "revenue": null, + "external_audience": false, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [], + "tags": [] + } +}, +{ + "model": "dojo.product", + "pk": 3, + "fields": { + "created": null, + "updated": "2025-02-06T22:39:22.655Z", + "name": "Apple Accounting Software", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "user2" + ], + "prod_type": 3, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 100, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "purchased", + "user_records": 5000, + "revenue": null, + "external_audience": true, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 5 + ], + "tags": [] + } +}, +{ + "model": "dojo.tool_type", + "pk": 1, + "fields": { + "name": "DAST", + "description": "Dynamic Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 2, + "fields": { + "name": "SAST", + "description": "Static Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 3, + "fields": { + "name": "IAST", + "description": "Interactive Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 4, + "fields": { + "name": "Source Code", + "description": "Source Code Management" + } +}, +{ + "model": "dojo.tool_type", + "pk": 5, + "fields": { + "name": "Build Sever", + "description": "Build Server" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 1, + "fields": { + "name": "Tool Configuration 1", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 1, + "authentication_type": "Password", + "extras": null, + "username": "user1", + "password": "user1", + "auth_title": "", + "ssh": "", + "api_key": "" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 2, + "fields": { + "name": "Tool Configuration 2", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 2, + "authentication_type": "API", + "extras": null, + "username": "", + "password": "", + "auth_title": "test key", + "ssh": "", + "api_key": "test string" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 3, + "fields": { + "name": "Tool Configuration 3", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 3, + "authentication_type": "SSH", + "extras": null, + "username": "", + "password": "", + "auth_title": "test ssh", + "ssh": "test string", + "api_key": "" + } +}, +{ + "model": "dojo.tagulous_engagement_tags", + "pk": 2, + "fields": { + "name": "pci", + "slug": "pci", + "count": 2, + "protected": false + } +}, +{ + "model": "dojo.engagement", + "pk": 1, + "fields": { + "created": null, + "updated": null, + "name": "1st Quarter Engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 2, + "fields": { + "created": null, + "updated": "2021-11-04T09:15:49.870Z", + "name": "April Monthly Engagement", + "description": "Requested by the team for regular manual checkup by the security team.", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 3, + "fields": { + "created": null, + "updated": null, + "name": "weekly engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-21", + "target_end": "2021-06-22", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 4, + "fields": { + "created": "2021-11-04T09:01:00.647Z", + "updated": "2021-11-04T09:14:58.726Z", + "name": "Static Scan", + "description": "Initial static scan for Bodgeit.", + "version": "v.1.2.0", + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-10", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 6, + "fields": { + "created": "2021-11-04T09:25:29.380Z", + "updated": "2021-11-04T09:26:47.339Z", + "name": "Quarterly PCI Scan", + "description": "Reccuring Quarterly Scan", + "version": null, + "first_contacted": null, + "target_start": "2022-01-19", + "target_end": "2022-01-26", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 7, + "fields": { + "created": "2021-11-04T09:36:15.136Z", + "updated": "2021-11-04T09:36:15.136Z", + "name": "Ad Hoc Engagement", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-03", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": false, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 8, + "fields": { + "created": "2021-11-04T09:42:51.116Z", + "updated": "2021-11-04T09:44:29.481Z", + "name": "Initial Assessment", + "description": "This application needs to be assesed to determine the security posture.", + "version": "10.2.1", + "first_contacted": null, + "target_start": "2021-12-20", + "target_end": "2021-12-27", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 3, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 10, + "fields": { + "created": "2021-11-05T06:44:35.773Z", + "updated": "2021-11-05T06:49:39.475Z", + "name": "Multiple scanners", + "description": "Example engagement with multiple scan types.", + "version": "1.2.1", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 11, + "fields": { + "created": "2021-11-05T06:54:11.880Z", + "updated": "2021-11-05T06:55:42.622Z", + "name": "Manual PenTest", + "description": "Please do a manual pentest before our next release to prod.", + "version": "1.9.1", + "first_contacted": null, + "target_start": "2021-12-30", + "target_end": "2022-01-02", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Blocked", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 12, + "fields": { + "created": "2021-11-05T07:06:26.136Z", + "updated": "2021-11-05T07:07:44.126Z", + "name": "CI/CD Baseline Security Test", + "description": "", + "version": "1.1.2", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-11", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": "https://github.com/psiinon/bodgeit", + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "CI/CD", + "build_id": "89", + "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", + "branch_tag": "master", + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": "https://github.com/psiinon/bodgeit", + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 13, + "fields": { + "created": "2021-11-05T10:43:05.446Z", + "updated": "2021-11-05T10:43:05.446Z", + "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.development_environment", + "pk": 1, + "fields": { + "name": "AWS" + } +}, +{ + "model": "dojo.development_environment", + "pk": 2, + "fields": { + "name": "Staging" + } +}, +{ + "model": "dojo.development_environment", + "pk": 3, + "fields": { + "name": "Production" + } +}, +{ + "model": "dojo.development_environment", + "pk": 4, + "fields": { + "name": "Test" + } +}, +{ + "model": "dojo.development_environment", + "pk": 5, + "fields": { + "name": "Pre-prod" + } +}, +{ + "model": "dojo.development_environment", + "pk": 6, + "fields": { + "name": "Lab" + } +}, +{ + "model": "dojo.development_environment", + "pk": 7, + "fields": { + "name": "Development" + } +}, +{ + "model": "dojo.test", + "pk": 3, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 13, + "fields": { + "engagement": 2, + "lead": [ + "product_manager" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-03-21T01:00:00Z", + "target_end": "2021-03-22T01:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 14, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 15, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:01:30.563Z", + "created": "2021-11-04T09:01:30.563Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 16, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:03:25.139Z", + "created": "2021-11-04T09:03:25.139Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 18, + "fields": { + "engagement": 6, + "lead": [ + "admin" + ], + "test_type": 21, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2022-01-19T00:00:00Z", + "target_end": "2022-01-24T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:26:34.003Z", + "created": "2021-11-04T09:25:46.327Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 19, + "fields": { + "engagement": 7, + "lead": null, + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T09:36:15.180Z", + "target_end": "2021-11-04T09:36:15.180Z", + "percent_complete": null, + "environment": null, + "updated": "2021-11-04T09:36:15.180Z", + "created": "2021-11-04T09:36:15.180Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 20, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:09.101Z", + "created": "2021-11-04T09:43:09.101Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 21, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 19, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 2, + "updated": "2021-11-04T09:43:23.410Z", + "created": "2021-11-04T09:43:23.410Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 22, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:41.711Z", + "created": "2021-11-04T09:43:41.711Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 23, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 11, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:44:01.815Z", + "created": "2021-11-04T09:44:01.815Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 25, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:44:35.814Z", + "created": "2021-11-05T06:44:35.814Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 26, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 28, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:46:06.450Z", + "created": "2021-11-05T06:46:06.450Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 28, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:47:17.517Z", + "created": "2021-11-05T06:47:17.518Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 29, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 29, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-05T06:54:23.989Z", + "created": "2021-11-05T06:54:23.989Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 30, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 5, + "updated": "2021-11-05T06:54:35.499Z", + "created": "2021-11-05T06:54:35.499Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 31, + "fields": { + "engagement": 12, + "lead": [ + "admin" + ], + "test_type": 30, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T07:07:18.034Z", + "created": "2021-11-05T07:07:18.034Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 32, + "fields": { + "engagement": 13, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T10:43:05.485Z", + "created": "2021-11-05T10:43:05.485Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 2, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.707Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 3, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.280Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 4, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.297Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 5, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:12.850Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 6, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.314Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 7, + "fields": { + "created": null, + "updated": null, + "title": "Dummy Finding", + "date": "2021-03-20", + "sla_start_date": null, + "sla_expiration_date": "2021-04-19", + "cwe": 1, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "http://www.example.com", + "severity": "High", + "description": "TEST finding", + "mitigation": "MITIGATION", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.331Z", + "review_requested_by": [ + "product_manager" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "product_manager" + ], + "is_mitigated": false, + "thread_id": 1, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "product_manager" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "line": 100, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 8, + "fields": { + "created": "2021-11-04T09:01:32.590Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:32.587Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 9, + "fields": { + "created": "2021-11-04T09:01:32.769Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.758Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:32.763Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 10, + "fields": { + "created": "2021-11-04T09:01:32.948Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:32.945Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 11, + "fields": { + "created": "2021-11-04T09:01:33.124Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.527Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.122Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 12, + "fields": { + "created": "2021-11-04T09:01:33.268Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 13, + "fields": { + "created": "2021-11-04T09:01:33.438Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:33.435Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 14, + "fields": { + "created": "2021-11-04T09:01:33.602Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.599Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 15, + "fields": { + "created": "2021-11-04T09:01:33.755Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.344Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 16, + "fields": { + "created": "2021-11-04T09:01:33.905Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.192Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 17, + "fields": { + "created": "2021-11-04T09:01:34.060Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.056Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 18, + "fields": { + "created": "2021-11-04T09:01:34.209Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.659Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 19, + "fields": { + "created": "2021-11-04T09:01:34.373Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.772Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.370Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 20, + "fields": { + "created": "2021-11-04T09:01:34.530Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.486Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:34.527Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 21, + "fields": { + "created": "2021-11-04T09:01:34.702Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.933Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.699Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 22, + "fields": { + "created": "2021-11-04T09:01:34.865Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.396Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.861Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 23, + "fields": { + "created": "2021-11-04T09:01:35.040Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.227Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.037Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 24, + "fields": { + "created": "2021-11-04T09:01:35.231Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.053Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 25, + "fields": { + "created": "2021-11-04T09:01:35.388Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 26, + "fields": { + "created": "2021-11-04T09:01:35.563Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.301Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.561Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 27, + "fields": { + "created": "2021-11-04T09:01:35.729Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.640Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.724Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 28, + "fields": { + "created": "2021-11-04T09:01:35.904Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.577Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 29, + "fields": { + "created": "2021-11-04T09:01:36.151Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.542Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 30, + "fields": { + "created": "2021-11-04T09:01:36.397Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.394Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 31, + "fields": { + "created": "2021-11-04T09:01:36.586Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.642Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 32, + "fields": { + "created": "2021-11-04T09:01:36.781Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.977Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 33, + "fields": { + "created": "2021-11-04T09:01:36.976Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.583Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:36.972Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 34, + "fields": { + "created": "2021-11-04T09:01:37.211Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.145Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 35, + "fields": { + "created": "2021-11-04T09:01:37.495Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 36, + "fields": { + "created": "2021-11-04T09:01:37.702Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.138Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 37, + "fields": { + "created": "2021-11-04T09:01:37.894Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.165Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 38, + "fields": { + "created": "2021-11-04T09:01:38.083Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.328Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.079Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 39, + "fields": { + "created": "2021-11-04T09:01:38.281Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.306Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.277Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 40, + "fields": { + "created": "2021-11-04T09:01:38.499Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.989Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.495Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 41, + "fields": { + "created": "2021-11-04T09:01:38.694Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.038Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.690Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 42, + "fields": { + "created": "2021-11-04T09:01:38.895Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 43, + "fields": { + "created": "2021-11-04T09:01:39.107Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.727Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.102Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 44, + "fields": { + "created": "2021-11-04T09:01:39.298Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.686Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.295Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 45, + "fields": { + "created": "2021-11-04T09:01:39.448Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:39.444Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 46, + "fields": { + "created": "2021-11-04T09:01:39.616Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.443Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.613Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 47, + "fields": { + "created": "2021-11-04T09:01:39.814Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.551Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.809Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 48, + "fields": { + "created": "2021-11-04T09:01:40.005Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.964Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.001Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 49, + "fields": { + "created": "2021-11-04T09:01:40.176Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.605Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.173Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 50, + "fields": { + "created": "2021-11-04T09:01:40.355Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 51, + "fields": { + "created": "2021-11-04T09:01:40.539Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.724Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:40.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 52, + "fields": { + "created": "2021-11-04T09:01:40.715Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.598Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.710Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 53, + "fields": { + "created": "2021-11-04T09:01:40.869Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.582Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.865Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 54, + "fields": { + "created": "2021-11-04T09:01:41.022Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.271Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.019Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 55, + "fields": { + "created": "2021-11-04T09:01:41.178Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.820Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.175Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 56, + "fields": { + "created": "2021-11-04T09:01:41.335Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.516Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.332Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 57, + "fields": { + "created": "2021-11-04T09:01:41.494Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.970Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 58, + "fields": { + "created": "2021-11-04T09:01:41.669Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.505Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:41.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 59, + "fields": { + "created": "2021-11-04T09:01:41.820Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.084Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.817Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 60, + "fields": { + "created": "2021-11-04T09:01:41.972Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.970Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 61, + "fields": { + "created": "2021-11-04T09:01:42.130Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.376Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 62, + "fields": { + "created": "2021-11-04T09:01:42.302Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.836Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.298Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 63, + "fields": { + "created": "2021-11-04T09:01:42.457Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.855Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.453Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 64, + "fields": { + "created": "2021-11-04T09:01:42.620Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.552Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.617Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 65, + "fields": { + "created": "2021-11-04T09:01:42.796Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.547Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 66, + "fields": { + "created": "2021-11-04T09:01:42.956Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.025Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.953Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 67, + "fields": { + "created": "2021-11-04T09:01:43.115Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.789Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 68, + "fields": { + "created": "2021-11-04T09:01:43.269Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.881Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.267Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 69, + "fields": { + "created": "2021-11-04T09:01:43.431Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.831Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.428Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 70, + "fields": { + "created": "2021-11-04T09:01:43.595Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.980Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.592Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 71, + "fields": { + "created": "2021-11-04T09:01:43.752Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.521Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.749Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 72, + "fields": { + "created": "2021-11-04T09:01:43.931Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.785Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.927Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 73, + "fields": { + "created": "2021-11-04T09:01:44.091Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.274Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.088Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 74, + "fields": { + "created": "2021-11-04T09:01:44.250Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.247Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 75, + "fields": { + "created": "2021-11-04T09:01:44.408Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.518Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 76, + "fields": { + "created": "2021-11-04T09:01:44.599Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.347Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.595Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 77, + "fields": { + "created": "2021-11-04T09:01:44.798Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.680Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.794Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 78, + "fields": { + "created": "2021-11-04T09:01:44.961Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.955Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 79, + "fields": { + "created": "2021-11-04T09:01:45.167Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.239Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.164Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 80, + "fields": { + "created": "2021-11-04T09:01:45.338Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.334Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.335Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 81, + "fields": { + "created": "2021-11-04T09:01:45.495Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.208Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.492Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 82, + "fields": { + "created": "2021-11-04T09:01:45.667Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.664Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 83, + "fields": { + "created": "2021-11-04T09:01:45.809Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.793Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 84, + "fields": { + "created": "2021-11-04T09:01:45.947Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 85, + "fields": { + "created": "2021-11-04T09:01:46.093Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.595Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.090Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 86, + "fields": { + "created": "2021-11-04T09:01:46.242Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.149Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.239Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 87, + "fields": { + "created": "2021-11-04T09:01:46.417Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.810Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.413Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 88, + "fields": { + "created": "2021-11-04T09:01:46.582Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:46.579Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 89, + "fields": { + "created": "2021-11-04T09:01:46.729Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.118Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.727Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 90, + "fields": { + "created": "2021-11-04T09:01:46.883Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.823Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.880Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 91, + "fields": { + "created": "2021-11-04T09:01:47.032Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.029Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 92, + "fields": { + "created": "2021-11-04T09:01:47.169Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.166Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 93, + "fields": { + "created": "2021-11-04T09:01:47.314Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.478Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.311Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 94, + "fields": { + "created": "2021-11-04T09:01:47.459Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.765Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.456Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 95, + "fields": { + "created": "2021-11-04T09:01:47.615Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.907Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.612Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 96, + "fields": { + "created": "2021-11-04T09:01:47.776Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.439Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 97, + "fields": { + "created": "2021-11-04T09:01:47.932Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.222Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 98, + "fields": { + "created": "2021-11-04T09:01:48.091Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.086Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 99, + "fields": { + "created": "2021-11-04T09:01:48.247Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.685Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.245Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 100, + "fields": { + "created": "2021-11-04T09:01:48.418Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.461Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.415Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 101, + "fields": { + "created": "2021-11-04T09:01:48.575Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.251Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.572Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 102, + "fields": { + "created": "2021-11-04T09:01:48.732Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.939Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:48.730Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 103, + "fields": { + "created": "2021-11-04T09:01:48.890Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.589Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.887Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 104, + "fields": { + "created": "2021-11-04T09:01:49.061Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.107Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.057Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 105, + "fields": { + "created": "2021-11-04T09:01:49.230Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.892Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 106, + "fields": { + "created": "2021-11-04T09:01:49.390Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.168Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.387Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 107, + "fields": { + "created": "2021-11-04T09:01:49.553Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.825Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.551Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 108, + "fields": { + "created": "2021-11-04T09:01:49.698Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.318Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.693Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 109, + "fields": { + "created": "2021-11-04T09:01:49.847Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.072Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.844Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 110, + "fields": { + "created": "2021-11-04T09:01:49.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.897Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:49.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 111, + "fields": { + "created": "2021-11-04T09:01:50.133Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.338Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.130Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 112, + "fields": { + "created": "2021-11-04T09:01:50.272Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.753Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 113, + "fields": { + "created": "2021-11-04T09:01:50.425Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.249Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.422Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 114, + "fields": { + "created": "2021-11-04T09:01:50.583Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.091Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.580Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 115, + "fields": { + "created": "2021-11-04T09:01:50.757Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.561Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.754Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 116, + "fields": { + "created": "2021-11-04T09:01:50.920Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.130Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.913Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 117, + "fields": { + "created": "2021-11-04T09:01:51.100Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.926Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:51.097Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 118, + "fields": { + "created": "2021-11-04T09:01:51.303Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.299Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 119, + "fields": { + "created": "2021-11-04T09:01:51.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.848Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 120, + "fields": { + "created": "2021-11-04T09:01:51.704Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 121, + "fields": { + "created": "2021-11-04T09:01:51.884Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.397Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.881Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 122, + "fields": { + "created": "2021-11-04T09:01:52.056Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.414Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 123, + "fields": { + "created": "2021-11-04T09:01:52.205Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.613Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.202Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 124, + "fields": { + "created": "2021-11-04T09:01:52.350Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.347Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 125, + "fields": { + "created": "2021-11-04T09:01:52.512Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.763Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.508Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 126, + "fields": { + "created": "2021-11-04T09:01:52.665Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.806Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:52.662Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 127, + "fields": { + "created": "2021-11-04T09:01:52.806Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.803Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 128, + "fields": { + "created": "2021-11-04T09:01:52.969Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.196Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.966Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 129, + "fields": { + "created": "2021-11-04T09:01:53.115Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.638Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 130, + "fields": { + "created": "2021-11-04T09:01:53.272Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.011Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 131, + "fields": { + "created": "2021-11-04T09:01:53.428Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:53.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 132, + "fields": { + "created": "2021-11-04T09:01:53.606Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.218Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.603Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 133, + "fields": { + "created": "2021-11-04T09:01:53.772Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 134, + "fields": { + "created": "2021-11-04T09:01:53.918Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.281Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.915Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 135, + "fields": { + "created": "2021-11-04T09:01:54.071Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.473Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.068Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 136, + "fields": { + "created": "2021-11-04T09:01:54.219Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.733Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.216Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 137, + "fields": { + "created": "2021-11-04T09:01:54.406Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.403Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 138, + "fields": { + "created": "2021-11-04T09:01:54.584Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.632Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.581Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 139, + "fields": { + "created": "2021-11-04T09:01:54.769Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.760Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 140, + "fields": { + "created": "2021-11-04T09:03:27.312Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:27.309Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 141, + "fields": { + "created": "2021-11-04T09:03:27.478Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.743Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:27.476Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 142, + "fields": { + "created": "2021-11-04T09:03:27.650Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.647Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 143, + "fields": { + "created": "2021-11-04T09:03:27.832Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.510Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.829Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 144, + "fields": { + "created": "2021-11-04T09:03:27.993Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.315Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.990Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 145, + "fields": { + "created": "2021-11-04T09:03:28.179Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:28.177Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 146, + "fields": { + "created": "2021-11-04T09:03:28.355Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.437Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 147, + "fields": { + "created": "2021-11-04T09:03:28.525Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.359Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.522Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 148, + "fields": { + "created": "2021-11-04T09:03:28.692Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.175Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.689Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 149, + "fields": { + "created": "2021-11-04T09:03:28.867Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.365Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:28.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 150, + "fields": { + "created": "2021-11-04T09:03:29.039Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 151, + "fields": { + "created": "2021-11-04T09:03:29.194Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.756Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.190Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 152, + "fields": { + "created": "2021-11-04T09:03:29.361Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.358Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 153, + "fields": { + "created": "2021-11-04T09:03:29.549Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.547Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 154, + "fields": { + "created": "2021-11-04T09:03:29.701Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.411Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 155, + "fields": { + "created": "2021-11-04T09:03:29.850Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.244Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 156, + "fields": { + "created": "2021-11-04T09:03:29.992Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.069Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 157, + "fields": { + "created": "2021-11-04T09:03:30.139Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.270Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.136Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 158, + "fields": { + "created": "2021-11-04T09:03:30.281Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.316Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.279Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 159, + "fields": { + "created": "2021-11-04T09:03:30.451Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.624Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.448Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 160, + "fields": { + "created": "2021-11-04T09:03:30.598Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.593Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.594Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 161, + "fields": { + "created": "2021-11-04T09:03:30.754Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.557Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 162, + "fields": { + "created": "2021-11-04T09:03:30.913Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.910Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 163, + "fields": { + "created": "2021-11-04T09:03:31.075Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.073Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 164, + "fields": { + "created": "2021-11-04T09:03:31.228Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.993Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 165, + "fields": { + "created": "2021-11-04T09:03:31.382Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.379Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 166, + "fields": { + "created": "2021-11-04T09:03:31.524Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.160Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.520Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 167, + "fields": { + "created": "2021-11-04T09:03:31.675Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.672Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 168, + "fields": { + "created": "2021-11-04T09:03:31.824Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.153Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.821Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 169, + "fields": { + "created": "2021-11-04T09:03:31.976Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.181Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.973Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 170, + "fields": { + "created": "2021-11-04T09:03:32.130Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.313Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 171, + "fields": { + "created": "2021-11-04T09:03:32.275Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.291Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.272Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 172, + "fields": { + "created": "2021-11-04T09:03:32.427Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.006Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 173, + "fields": { + "created": "2021-11-04T09:03:32.579Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.022Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.576Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 174, + "fields": { + "created": "2021-11-04T09:03:32.750Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.746Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 175, + "fields": { + "created": "2021-11-04T09:03:32.910Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.711Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.906Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 176, + "fields": { + "created": "2021-11-04T09:03:33.073Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.071Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 177, + "fields": { + "created": "2021-11-04T09:03:33.230Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.644Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:33.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 178, + "fields": { + "created": "2021-11-04T09:03:33.396Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.427Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.392Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 179, + "fields": { + "created": "2021-11-04T09:03:33.589Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.535Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:33.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 180, + "fields": { + "created": "2021-11-04T09:03:33.758Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.948Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 181, + "fields": { + "created": "2021-11-04T09:03:33.921Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.917Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 182, + "fields": { + "created": "2021-11-04T09:03:34.101Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.974Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.096Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 183, + "fields": { + "created": "2021-11-04T09:03:34.261Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.741Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:34.258Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 184, + "fields": { + "created": "2021-11-04T09:03:34.457Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.615Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.454Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 185, + "fields": { + "created": "2021-11-04T09:03:34.632Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.597Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:34.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 186, + "fields": { + "created": "2021-11-04T09:03:34.811Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.807Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 187, + "fields": { + "created": "2021-11-04T09:03:34.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.804Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 188, + "fields": { + "created": "2021-11-04T09:03:35.146Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.143Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 189, + "fields": { + "created": "2021-11-04T09:03:35.308Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.955Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 190, + "fields": { + "created": "2021-11-04T09:03:35.488Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.489Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:35.484Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 191, + "fields": { + "created": "2021-11-04T09:03:35.655Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.099Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.652Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 192, + "fields": { + "created": "2021-11-04T09:03:35.814Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.515Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 193, + "fields": { + "created": "2021-11-04T09:03:35.984Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.980Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 194, + "fields": { + "created": "2021-11-04T09:03:36.152Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.851Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:36.148Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 195, + "fields": { + "created": "2021-11-04T09:03:36.364Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.870Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.359Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 196, + "fields": { + "created": "2021-11-04T09:03:36.557Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.552Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 197, + "fields": { + "created": "2021-11-04T09:03:36.760Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.563Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.756Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 198, + "fields": { + "created": "2021-11-04T09:03:36.944Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.009Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.938Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 199, + "fields": { + "created": "2021-11-04T09:03:37.131Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.773Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 200, + "fields": { + "created": "2021-11-04T09:03:37.335Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.866Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.333Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 201, + "fields": { + "created": "2021-11-04T09:03:37.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.815Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 202, + "fields": { + "created": "2021-11-04T09:03:37.704Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.995Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.701Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 203, + "fields": { + "created": "2021-11-04T09:03:37.904Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.536Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 204, + "fields": { + "created": "2021-11-04T09:03:38.097Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.769Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.093Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 205, + "fields": { + "created": "2021-11-04T09:03:38.273Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.260Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 206, + "fields": { + "created": "2021-11-04T09:03:38.494Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.655Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 207, + "fields": { + "created": "2021-11-04T09:03:38.726Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.501Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.720Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 208, + "fields": { + "created": "2021-11-04T09:03:38.922Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.363Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.918Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 209, + "fields": { + "created": "2021-11-04T09:03:39.098Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.695Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.095Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 210, + "fields": { + "created": "2021-11-04T09:03:39.259Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.234Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.256Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 211, + "fields": { + "created": "2021-11-04T09:03:39.465Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.461Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 212, + "fields": { + "created": "2021-11-04T09:03:39.630Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.350Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 213, + "fields": { + "created": "2021-11-04T09:03:39.787Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.224Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.784Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 214, + "fields": { + "created": "2021-11-04T09:03:39.936Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 215, + "fields": { + "created": "2021-11-04T09:03:40.133Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.809Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.129Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 216, + "fields": { + "created": "2021-11-04T09:03:40.291Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.288Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 217, + "fields": { + "created": "2021-11-04T09:03:40.455Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.578Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:40.452Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 218, + "fields": { + "created": "2021-11-04T09:03:40.624Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.134Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.621Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 219, + "fields": { + "created": "2021-11-04T09:03:40.780Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.795Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 220, + "fields": { + "created": "2021-11-04T09:03:40.990Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.732Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.984Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 221, + "fields": { + "created": "2021-11-04T09:03:41.162Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.103Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.158Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 222, + "fields": { + "created": "2021-11-04T09:03:41.406Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.839Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:41.402Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 223, + "fields": { + "created": "2021-11-04T09:03:41.600Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.596Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 224, + "fields": { + "created": "2021-11-04T09:03:41.772Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.345Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 225, + "fields": { + "created": "2021-11-04T09:03:41.947Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.493Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 226, + "fields": { + "created": "2021-11-04T09:03:42.129Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.780Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.126Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 227, + "fields": { + "created": "2021-11-04T09:03:42.301Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.296Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 228, + "fields": { + "created": "2021-11-04T09:03:42.482Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.455Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.479Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 229, + "fields": { + "created": "2021-11-04T09:03:42.670Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.204Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 230, + "fields": { + "created": "2021-11-04T09:03:42.875Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.469Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.855Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 231, + "fields": { + "created": "2021-11-04T09:03:43.252Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.249Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 232, + "fields": { + "created": "2021-11-04T09:03:43.521Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.445Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:43.516Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 233, + "fields": { + "created": "2021-11-04T09:03:43.816Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 234, + "fields": { + "created": "2021-11-04T09:03:44.090Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:44.082Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 235, + "fields": { + "created": "2021-11-04T09:03:44.309Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.573Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 236, + "fields": { + "created": "2021-11-04T09:03:44.506Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.123Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.500Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 237, + "fields": { + "created": "2021-11-04T09:03:44.703Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.876Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 238, + "fields": { + "created": "2021-11-04T09:03:44.936Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.185Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.930Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 239, + "fields": { + "created": "2021-11-04T09:03:45.150Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 240, + "fields": { + "created": "2021-11-04T09:03:45.387Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.302Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.382Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 241, + "fields": { + "created": "2021-11-04T09:03:45.588Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.087Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 242, + "fields": { + "created": "2021-11-04T09:03:45.816Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.911Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 243, + "fields": { + "created": "2021-11-04T09:03:46.040Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.322Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.034Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 244, + "fields": { + "created": "2021-11-04T09:03:46.325Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.738Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.316Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 245, + "fields": { + "created": "2021-11-04T09:03:46.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.201Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.567Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 246, + "fields": { + "created": "2021-11-04T09:03:46.801Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.074Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 247, + "fields": { + "created": "2021-11-04T09:03:47.007Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.546Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 248, + "fields": { + "created": "2021-11-04T09:03:47.229Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.115Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 249, + "fields": { + "created": "2021-11-04T09:03:47.445Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.942Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.440Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 250, + "fields": { + "created": "2021-11-04T09:03:47.662Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.938Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.659Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 251, + "fields": { + "created": "2021-11-04T09:03:47.867Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.862Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 252, + "fields": { + "created": "2021-11-04T09:03:48.018Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.722Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.015Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 253, + "fields": { + "created": "2021-11-04T09:03:48.175Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.171Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 254, + "fields": { + "created": "2021-11-04T09:03:48.382Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.429Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.378Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 255, + "fields": { + "created": "2021-11-04T09:03:48.563Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.560Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 256, + "fields": { + "created": "2021-11-04T09:03:48.761Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 257, + "fields": { + "created": "2021-11-04T09:03:48.957Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.748Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:48.954Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 258, + "fields": { + "created": "2021-11-04T09:03:49.162Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.788Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:49.157Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 259, + "fields": { + "created": "2021-11-04T09:03:49.539Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:49.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 260, + "fields": { + "created": "2021-11-04T09:03:49.721Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.211Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.716Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 261, + "fields": { + "created": "2021-11-04T09:03:49.927Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.654Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.923Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 262, + "fields": { + "created": "2021-11-04T09:03:50.136Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.026Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.131Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 263, + "fields": { + "created": "2021-11-04T09:03:50.351Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.887Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:50.345Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 264, + "fields": { + "created": "2021-11-04T09:03:50.575Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.282Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.571Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 265, + "fields": { + "created": "2021-11-04T09:03:50.779Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.240Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 266, + "fields": { + "created": "2021-11-04T09:03:50.992Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.988Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 267, + "fields": { + "created": "2021-11-04T09:03:51.212Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.458Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 268, + "fields": { + "created": "2021-11-04T09:03:51.383Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.749Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.380Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 269, + "fields": { + "created": "2021-11-04T09:03:51.544Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.824Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.541Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 270, + "fields": { + "created": "2021-11-04T09:03:51.721Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.648Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.719Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 271, + "fields": { + "created": "2021-11-04T09:03:51.877Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.872Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 272, + "fields": { + "created": "2021-11-04T09:03:52.049Z", + "updated": null, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.664Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.046Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 273, + "fields": { + "created": "2021-11-04T09:03:52.209Z", + "updated": null, + "title": "Improper Resource Access Authorization (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.800Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.205Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", + "line": 12, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 274, + "fields": { + "created": "2021-11-04T09:03:52.388Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.609Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 275, + "fields": { + "created": "2021-11-04T09:03:52.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.568Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", + "line": 29, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 276, + "fields": { + "created": "2021-11-04T09:03:52.771Z", + "updated": null, + "title": "Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:52.766Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 277, + "fields": { + "created": "2021-11-04T09:03:52.938Z", + "updated": null, + "title": "Use of Insufficiently Random Values (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.778Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 278, + "fields": { + "created": "2021-11-04T09:03:53.124Z", + "updated": null, + "title": "SQL Injection (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.612Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:53.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 279, + "fields": { + "created": "2021-11-04T09:36:25.003Z", + "updated": null, + "title": "Test", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "No url given", + "severity": "Info", + "description": "asdf", + "mitigation": "adf", + "fix_available": null, + "fix_version": null, + "impact": "asdf", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "No references given", + "test": 19, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 3 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 280, + "fields": { + "created": "2021-11-05T06:44:35.863Z", + "updated": null, + "title": "Notepad++.exe | CVE-2007-2666", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.440Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:35.859Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 281, + "fields": { + "created": "2021-11-05T06:44:36.140Z", + "updated": null, + "title": "Notepad++.exe | CVE-2008-3436", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.456Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:36.137Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 282, + "fields": { + "created": "2021-11-05T06:46:06.484Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.352Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:06.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 283, + "fields": { + "created": "2021-11-05T06:46:06.676Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.001Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:06.674Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 284, + "fields": { + "created": "2021-11-05T06:46:06.857Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.127Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:06.854Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 285, + "fields": { + "created": "2021-11-05T06:46:07.054Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.513Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 286, + "fields": { + "created": "2021-11-05T06:46:07.234Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.481Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.231Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 287, + "fields": { + "created": "2021-11-05T06:46:07.429Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.467Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.426Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 288, + "fields": { + "created": "2021-11-05T06:46:07.619Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.986Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:07.616Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 289, + "fields": { + "created": "2021-11-05T06:46:07.818Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.815Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 290, + "fields": { + "created": "2021-11-05T06:46:08.024Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.438Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.021Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 291, + "fields": { + "created": "2021-11-05T06:46:08.214Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.212Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 292, + "fields": { + "created": "2021-11-05T06:46:08.407Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.157Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 293, + "fields": { + "created": "2021-11-05T06:46:08.576Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.408Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.574Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 294, + "fields": { + "created": "2021-11-05T06:46:08.774Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.395Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.770Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 295, + "fields": { + "created": "2021-11-05T06:46:08.994Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.142Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.991Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 296, + "fields": { + "created": "2021-11-05T06:46:09.157Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.528Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.155Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 297, + "fields": { + "created": "2021-11-05T06:46:09.337Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.496Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.334Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 298, + "fields": { + "created": "2021-11-05T06:46:09.514Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.381Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.511Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 299, + "fields": { + "created": "2021-11-05T06:46:09.700Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.366Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.697Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 300, + "fields": { + "created": "2021-11-05T06:47:17.890Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.095Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 301, + "fields": { + "created": "2021-11-05T06:47:18.169Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.606Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 302, + "fields": { + "created": "2021-11-05T06:47:18.645Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 303, + "fields": { + "created": "2021-11-05T06:47:18.860Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.173Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 304, + "fields": { + "created": "2021-11-05T06:47:19.072Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.078Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 305, + "fields": { + "created": "2021-11-05T06:47:19.278Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.590Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 306, + "fields": { + "created": "2021-11-05T06:47:19.559Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.543Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 307, + "fields": { + "created": "2021-11-05T06:47:19.783Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 308, + "fields": { + "created": "2021-11-05T06:47:20.049Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.639Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 309, + "fields": { + "created": "2021-11-05T06:47:20.461Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.346Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 310, + "fields": { + "created": "2021-11-05T07:07:18.067Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.187Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.064Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 311, + "fields": { + "created": "2021-11-05T07:07:18.320Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.219Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.317Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 312, + "fields": { + "created": "2021-11-05T07:07:18.592Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.981Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.590Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 313, + "fields": { + "created": "2021-11-05T07:07:18.815Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.951Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.813Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 314, + "fields": { + "created": "2021-11-05T07:07:19.003Z", + "updated": null, + "title": "SQL String Formatting-G201", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.094Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 315, + "fields": { + "created": "2021-11-05T07:07:19.202Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.017Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.199Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 316, + "fields": { + "created": "2021-11-05T07:07:19.412Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.997Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.409Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 317, + "fields": { + "created": "2021-11-05T07:07:19.621Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.935Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.618Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 318, + "fields": { + "created": "2021-11-05T07:07:19.850Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.140Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 319, + "fields": { + "created": "2021-11-05T07:07:20.057Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.124Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:20.054Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 320, + "fields": { + "created": "2021-11-05T07:07:20.248Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.966Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.246Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 321, + "fields": { + "created": "2021-11-05T07:07:20.441Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.438Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 322, + "fields": { + "created": "2021-11-05T07:07:20.634Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.631Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 323, + "fields": { + "created": "2021-11-05T07:07:20.811Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.808Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", + "line": null, + "file_path": "/vagrant/go/src/govwa/app.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 324, + "fields": { + "created": "2021-11-05T07:07:21.004Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.236Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 325, + "fields": { + "created": "2021-11-05T07:07:21.191Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.203Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.189Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 326, + "fields": { + "created": "2021-11-05T07:07:21.369Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.366Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 327, + "fields": { + "created": "2021-11-05T07:07:21.561Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.559Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 328, + "fields": { + "created": "2021-11-05T07:07:21.744Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.109Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.741Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 329, + "fields": { + "created": "2021-11-05T07:07:21.930Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.032Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 330, + "fields": { + "created": "2021-11-05T07:07:22.124Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 331, + "fields": { + "created": "2021-11-05T07:07:22.308Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.014Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.306Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/cookie.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 332, + "fields": { + "created": "2021-11-05T07:07:22.551Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.548Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 333, + "fields": { + "created": "2021-11-05T07:07:22.773Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.156Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.771Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 334, + "fields": { + "created": "2021-11-05T07:07:22.989Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.081Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.986Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 335, + "fields": { + "created": "2021-11-05T07:07:23.204Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.065Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.200Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 336, + "fields": { + "created": "2021-11-05T07:07:23.489Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.030Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.486Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 337, + "fields": { + "created": "2021-11-05T07:07:23.721Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.172Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:23.717Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 338, + "fields": { + "created": "2021-11-05T10:43:05.946Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.111Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:05.943Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 339, + "fields": { + "created": "2021-11-05T10:43:06.237Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:06.233Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 340, + "fields": { + "created": "2021-11-05T10:43:06.742Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:06.738Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 341, + "fields": { + "created": "2021-11-05T10:43:07.038Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.189Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:07.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 342, + "fields": { + "created": "2021-11-05T10:43:07.297Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.063Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T10:43:07.294Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 343, + "fields": { + "created": "2021-11-05T10:43:07.547Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.575Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.545Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 344, + "fields": { + "created": "2021-11-05T10:43:07.888Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.559Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.885Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 345, + "fields": { + "created": "2021-11-05T10:43:08.144Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.406Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.140Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 346, + "fields": { + "created": "2021-11-05T10:43:08.440Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:08.437Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 347, + "fields": { + "created": "2021-11-05T10:43:08.906Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.360Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 2, + "fields": { + "title": "test stub finding 1", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 3, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 3, + "fields": { + "title": "test stub finding 2", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 14, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 4, + "fields": { + "title": "test stub finding 3", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 13, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.finding_template", + "pk": 1, + "fields": { + "title": "XSS template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "XSS test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 2, + "fields": { + "title": "SQLi template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "SQLi test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 3, + "fields": { + "title": "CSRF template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "MEDIUM", + "description": "CSRF test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 1, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 2, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 3, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 4, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 5, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 6, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 7, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 8, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 9, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 10, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 11, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 12, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 13, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 14, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 15, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 16, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 17, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 18, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 19, + "fields": { + "finding": 302, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 20, + "fields": { + "finding": 302, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 21, + "fields": { + "finding": 304, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 22, + "fields": { + "finding": 305, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 23, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 24, + "fields": { + "finding": 305, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 25, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 26, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 27, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 28, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 29, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 30, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 31, + "fields": { + "finding": 306, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 32, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 33, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 34, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 35, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 36, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 37, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 38, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 39, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 40, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 41, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 42, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 43, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 44, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 45, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 46, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 47, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 48, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 49, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 50, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 51, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 52, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 53, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 54, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 55, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 56, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 57, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 58, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 59, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 60, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 61, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 62, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 63, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 64, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 65, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 66, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 67, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 68, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 69, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 70, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 71, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 72, + "fields": { + "finding": 340, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 73, + "fields": { + "finding": 340, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 74, + "fields": { + "finding": 342, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 75, + "fields": { + "finding": 343, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 76, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 77, + "fields": { + "finding": 343, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 78, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 79, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 80, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 81, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 82, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 83, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 84, + "fields": { + "finding": 344, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 85, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 86, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 87, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 88, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 89, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 90, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 91, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 92, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 93, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 94, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 95, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 96, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 97, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 98, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 99, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 100, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 101, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 102, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 103, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 104, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 105, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 106, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Simple Builtin Risk Acceptance", + "recommendation": "F", + "recommendation_details": null, + "decision": "A", + "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.", + "accepted_by": null, + "path": "", + "owner": [ + "admin" + ], + "expiration_date": null, + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2024-01-29T15:35:18.089Z", + "updated": "2024-01-29T15:35:18.089Z", + "accepted_findings": [ + 2 + ], + "notes": [] + } +}, +{ + "model": "dojo.jira_instance", + "pk": 2, + "fields": { + "configuration_name": "Happy little JIRA 2", + "url": "http://www.testjira.com", + "username": "user1", + "password": "user1", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 111, + "open_status_key": 111, + "close_status_key": 112, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 3, + "fields": { + "configuration_name": "Happy little JIRA 3", + "url": "http://www.testjira.com", + "username": "user2", + "password": "user2", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 222, + "open_status_key": 222, + "close_status_key": 223, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 4, + "fields": { + "configuration_name": "Happy little JIRA 4", + "url": "http://www.testjira.com", + "username": "user3", + "password": "user3", + "default_issue_type": "Spike", + "issue_template_dir": null, + "epic_name_id": 333, + "open_status_key": 333, + "close_status_key": 334, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_project", + "pk": 1, + "fields": { + "jira_instance": 2, + "project_key": "key1", + "product": 1, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 2, + "fields": { + "jira_instance": 3, + "project_key": "key2", + "product": 2, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": true, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": true, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 3, + "fields": { + "jira_instance": 4, + "project_key": "key3", + "product": 3, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": false, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_issue", + "pk": 2, + "fields": { + "jira_project": null, + "jira_id": "2", + "jira_key": "222", + "finding": 5, + "engagement": 3, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.jira_issue", + "pk": 3, + "fields": { + "jira_project": null, + "jira_id": "3", + "jira_key": "333", + "finding": 6, + "engagement": 1, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.notifications", + "pk": 1, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "admin" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 2, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "product_manager" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 3, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "user2" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 1, + "fields": { + "name": "Product Setting 1", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 1, + "tool_project_id": "1", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 2, + "fields": { + "name": "Product Setting 2", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 2, + "tool_project_id": "2", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 3, + "fields": { + "name": "Product Setting 3", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 3, + "tool_project_id": "3", + "notes": [] + } +}, +{ + "model": "dojo.alerts", + "pk": 1, + "fields": { + "title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:01:00.711Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 2, + "fields": { + "title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:01:00.726Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 3, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:22:29.720Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 4, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:22:29.733Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 5, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:29.445Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 6, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:29.455Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 7, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:46.372Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 8, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:46.385Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 9, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:42:51.166Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 10, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:42:51.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 11, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:09.143Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 12, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:09.153Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 13, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:23.460Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 14, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:23.472Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 15, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:41.770Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 16, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:41.785Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 17, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:44:01.865Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 18, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:44:01.877Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 19, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:44:36.344Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 20, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:44:36.353Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 21, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:46:09.906Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 22, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:46:09.914Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 23, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:47:20.764Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 24, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:47:20.774Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 25, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:11.922Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 26, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:11.931Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 27, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:24.017Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 28, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:24.025Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 29, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:35.541Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 30, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:35.551Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 31, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:06:26.179Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 32, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:06:26.187Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 33, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:07:23.992Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 34, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:07:24.008Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 35, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:43:09.169Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 36, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:43:09.178Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 37, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:51:04.993Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 38, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:51:05.001Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 39, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:52:48.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 40, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:52:48.263Z" + } +}, +{ + "model": "dojo.language_type", + "pk": 1, + "fields": { + "language": "ActionScript", + "color": "#F2D7D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 2, + "fields": { + "language": "Python", + "color": "#006400" + } +}, +{ + "model": "dojo.language_type", + "pk": 3, + "fields": { + "language": "Ruby", + "color": "#cd5c5c" + } +}, +{ + "model": "dojo.language_type", + "pk": 4, + "fields": { + "language": "ABAP", + "color": "#F9EBEA" + } +}, +{ + "model": "dojo.language_type", + "pk": 5, + "fields": { + "language": "Ada", + "color": "#E6B0AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 6, + "fields": { + "language": "ADSO/IDSM", + "color": "#D98880" + } +}, +{ + "model": "dojo.language_type", + "pk": 7, + "fields": { + "language": "Agda", + "color": "#CD6155" + } +}, +{ + "model": "dojo.language_type", + "pk": 8, + "fields": { + "language": "AMPLE", + "color": "#C0392B" + } +}, +{ + "model": "dojo.language_type", + "pk": 9, + "fields": { + "language": "Ant", + "color": "#A93226" + } +}, +{ + "model": "dojo.language_type", + "pk": 10, + "fields": { + "language": "ANTLR Grammar", + "color": "#641E16" + } +}, +{ + "model": "dojo.language_type", + "pk": 11, + "fields": { + "language": "Apex Trigger", + "color": "#FDEDEC" + } +}, +{ + "model": "dojo.language_type", + "pk": 12, + "fields": { + "language": "Arduino Sketch", + "color": "#FADBD8" + } +}, +{ + "model": "dojo.language_type", + "pk": 13, + "fields": { + "language": "AsciiDoc", + "color": "#F1948A" + } +}, +{ + "model": "dojo.language_type", + "pk": 14, + "fields": { + "language": "ASP", + "color": "#E74C3C" + } +}, +{ + "model": "dojo.language_type", + "pk": 15, + "fields": { + "language": "ASP.NET", + "color": "#CB4335" + } +}, +{ + "model": "dojo.language_type", + "pk": 16, + "fields": { + "language": "AspectJ", + "color": "#943126" + } +}, +{ + "model": "dojo.language_type", + "pk": 17, + "fields": { + "language": "Assembly", + "color": "#78281F" + } +}, +{ + "model": "dojo.language_type", + "pk": 18, + "fields": { + "language": "AutoHotkey", + "color": "#F5EEF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 19, + "fields": { + "language": "awk", + "color": "#EBDEF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 20, + "fields": { + "language": "Blade", + "color": "#D7BDE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 21, + "fields": { + "language": "Bourne Again Shell", + "color": "#C39BD3" + } +}, +{ + "model": "dojo.language_type", + "pk": 22, + "fields": { + "language": "Bourne Shell", + "color": "#AF7AC5" + } +}, +{ + "model": "dojo.language_type", + "pk": 23, + "fields": { + "language": "BrightScript", + "color": "#884EA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 24, + "fields": { + "language": "C", + "color": "#6C3483" + } +}, +{ + "model": "dojo.language_type", + "pk": 25, + "fields": { + "language": "C Shell", + "color": "#5B2C6F" + } +}, +{ + "model": "dojo.language_type", + "pk": 26, + "fields": { + "language": "C#", + "color": "#4A235A" + } +}, +{ + "model": "dojo.language_type", + "pk": 27, + "fields": { + "language": "C++", + "color": "#F4ECF7" + } +}, +{ + "model": "dojo.language_type", + "pk": 28, + "fields": { + "language": "C/C++ Header", + "color": "#E8DAEF" + } +}, +{ + "model": "dojo.language_type", + "pk": 29, + "fields": { + "language": "CCS", + "color": "#D2B4DE" + } +}, +{ + "model": "dojo.language_type", + "pk": 30, + "fields": { + "language": "Chapel", + "color": "#BB8FCE" + } +}, +{ + "model": "dojo.language_type", + "pk": 31, + "fields": { + "language": "Clean", + "color": "#8E44AD" + } +}, +{ + "model": "dojo.language_type", + "pk": 32, + "fields": { + "language": "Clojure", + "color": "#7D3C98" + } +}, +{ + "model": "dojo.language_type", + "pk": 33, + "fields": { + "language": "ClojureC", + "color": "#7D3C98" + } +}, +{ + "model": "dojo.language_type", + "pk": 34, + "fields": { + "language": "ClojureScript", + "color": "#5B2C6F" + } +}, +{ + "model": "dojo.language_type", + "pk": 35, + "fields": { + "language": "CMake", + "color": "#4A235A" + } +}, +{ + "model": "dojo.language_type", + "pk": 36, + "fields": { + "language": "COBOL", + "color": "#EAF2F8" + } +}, +{ + "model": "dojo.language_type", + "pk": 37, + "fields": { + "language": "CoffeeScript", + "color": "#D4E6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 38, + "fields": { + "language": "ColdFusion", + "color": "#D6EAF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 39, + "fields": { + "language": "ColdFusion CFScript", + "color": "#A9CCE3" + } +}, +{ + "model": "dojo.language_type", + "pk": 40, + "fields": { + "language": "Coq", + "color": "#7FB3D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 41, + "fields": { + "language": "Crystal", + "color": "#5499C7" + } +}, +{ + "model": "dojo.language_type", + "pk": 42, + "fields": { + "language": "CSON", + "color": "#1A5276" + } +}, +{ + "model": "dojo.language_type", + "pk": 43, + "fields": { + "language": "CSS", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 44, + "fields": { + "language": "Cucumber", + "color": "#D4E6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 45, + "fields": { + "language": "CUDA", + "color": "#7FB3D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 46, + "fields": { + "language": "Cython", + "color": "#5499C7" + } +}, +{ + "model": "dojo.language_type", + "pk": 47, + "fields": { + "language": "D", + "color": "#2980B9" + } +}, +{ + "model": "dojo.language_type", + "pk": 48, + "fields": { + "language": "DAL", + "color": "#2471A3" + } +}, +{ + "model": "dojo.language_type", + "pk": 49, + "fields": { + "language": "Dart", + "color": "#1A5276" + } +}, +{ + "model": "dojo.language_type", + "pk": 50, + "fields": { + "language": "diff", + "color": "#154360" + } +}, +{ + "model": "dojo.language_type", + "pk": 51, + "fields": { + "language": "DITA", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 52, + "fields": { + "language": "DOS Batch", + "color": "#AED6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 53, + "fields": { + "language": "Drools", + "color": "#85C1E9" + } +}, +{ + "model": "dojo.language_type", + "pk": 54, + "fields": { + "language": "DTD", + "color": "#5DADE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 55, + "fields": { + "language": "dtrace", + "color": "#2980B9" + } +}, +{ + "model": "dojo.language_type", + "pk": 56, + "fields": { + "language": "ECPP", + "color": "#2471A3" + } +}, +{ + "model": "dojo.language_type", + "pk": 57, + "fields": { + "language": "EEx", + "color": "#1F618D" + } +}, +{ + "model": "dojo.language_type", + "pk": 58, + "fields": { + "language": "Elixir", + "color": "#154360" + } +}, +{ + "model": "dojo.language_type", + "pk": 59, + "fields": { + "language": "Elm", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 60, + "fields": { + "language": "ERB", + "color": "#D6EAF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 61, + "fields": { + "language": "Erlang", + "color": "#AED6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 62, + "fields": { + "language": "Expect", + "color": "#85C1E9" + } +}, +{ + "model": "dojo.language_type", + "pk": 63, + "fields": { + "language": "F#", + "color": "#5DADE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 64, + "fields": { + "language": "F# Script", + "color": "#3498DB" + } +}, +{ + "model": "dojo.language_type", + "pk": 65, + "fields": { + "language": "Fish Shell", + "color": "#2E86C1" + } +}, +{ + "model": "dojo.language_type", + "pk": 66, + "fields": { + "language": "Focus", + "color": "#2874A6" + } +}, +{ + "model": "dojo.language_type", + "pk": 67, + "fields": { + "language": "Forth", + "color": "#1B4F72" + } +}, +{ + "model": "dojo.language_type", + "pk": 68, + "fields": { + "language": "Fortran 77", + "color": "#E8F8F5" + } +}, +{ + "model": "dojo.language_type", + "pk": 69, + "fields": { + "language": "Fortran 90", + "color": "#D1F2EB" + } +}, +{ + "model": "dojo.language_type", + "pk": 70, + "fields": { + "language": "Freemarker Template", + "color": "#" + } +}, +{ + "model": "dojo.language_type", + "pk": 71, + "fields": { + "language": "GDScript", + "color": "#A3E4D7" + } +}, +{ + "model": "dojo.language_type", + "pk": 72, + "fields": { + "language": "Gencat NLS", + "color": "#76D7C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 73, + "fields": { + "language": "Glade", + "color": "#48C9B0" + } +}, +{ + "model": "dojo.language_type", + "pk": 74, + "fields": { + "language": "GLSL", + "color": "#1ABC9C" + } +}, +{ + "model": "dojo.language_type", + "pk": 75, + "fields": { + "language": "Go", + "color": "#17A589" + } +}, +{ + "model": "dojo.language_type", + "pk": 76, + "fields": { + "language": "Grails", + "color": "#148F77" + } +}, +{ + "model": "dojo.language_type", + "pk": 77, + "fields": { + "language": "GraphQL", + "color": "#117864" + } +}, +{ + "model": "dojo.language_type", + "pk": 78, + "fields": { + "language": "Groovy", + "color": "#0E6251" + } +}, +{ + "model": "dojo.language_type", + "pk": 79, + "fields": { + "language": "Haml", + "color": "#E8F6F3" + } +}, +{ + "model": "dojo.language_type", + "pk": 80, + "fields": { + "language": "Handlebars", + "color": "#A3E4D7" + } +}, +{ + "model": "dojo.language_type", + "pk": 81, + "fields": { + "language": "Harbour", + "color": "#76D7C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 82, + "fields": { + "language": "Haskell", + "color": "#48C9B0" + } +}, +{ + "model": "dojo.language_type", + "pk": 83, + "fields": { + "language": "Haxe", + "color": "#1ABC9C" + } +}, +{ + "model": "dojo.language_type", + "pk": 84, + "fields": { + "language": "HCL", + "color": "#17A589" + } +}, +{ + "model": "dojo.language_type", + "pk": 85, + "fields": { + "language": "HLSL", + "color": "#148F77" + } +}, +{ + "model": "dojo.language_type", + "pk": 86, + "fields": { + "language": "HTML", + "color": "#117864" + } +}, +{ + "model": "dojo.language_type", + "pk": 87, + "fields": { + "language": "IDL", + "color": "#0E6251" + } +}, +{ + "model": "dojo.language_type", + "pk": 88, + "fields": { + "language": "Idris", + "color": "#0B5345" + } +}, +{ + "model": "dojo.language_type", + "pk": 89, + "fields": { + "language": "InstallShield", + "color": "#D4EFDF" + } +}, +{ + "model": "dojo.language_type", + "pk": 90, + "fields": { + "language": "Java", + "color": "#A9DFBF" + } +}, +{ + "model": "dojo.language_type", + "pk": 91, + "fields": { + "language": "JavaScript", + "color": "#7DCEA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 92, + "fields": { + "language": "JavaServer Faces", + "color": "#52BE80" + } +}, +{ + "model": "dojo.language_type", + "pk": 93, + "fields": { + "language": "JCL", + "color": "#27AE60" + } +}, +{ + "model": "dojo.language_type", + "pk": 94, + "fields": { + "language": "JSON", + "color": "#229954" + } +}, +{ + "model": "dojo.language_type", + "pk": 95, + "fields": { + "language": "JSP", + "color": "#1E8449" + } +}, +{ + "model": "dojo.language_type", + "pk": 97, + "fields": { + "language": "JSX", + "color": "#196F3D" + } +}, +{ + "model": "dojo.language_type", + "pk": 98, + "fields": { + "language": "Julia", + "color": "#0B5345" + } +}, +{ + "model": "dojo.language_type", + "pk": 99, + "fields": { + "language": "Kermit", + "color": "#800000" + } +}, +{ + "model": "dojo.language_type", + "pk": 100, + "fields": { + "language": "Korn Shell", + "color": "#A52A2A" + } +}, +{ + "model": "dojo.language_type", + "pk": 101, + "fields": { + "language": "Kotlin", + "color": "#A0522D" + } +}, +{ + "model": "dojo.language_type", + "pk": 102, + "fields": { + "language": "Lean", + "color": "#8B4513" + } +}, +{ + "model": "dojo.language_type", + "pk": 103, + "fields": { + "language": "LESS", + "color": "#D2691E" + } +}, +{ + "model": "dojo.language_type", + "pk": 104, + "fields": { + "language": "lex", + "color": "#CD853F" + } +}, +{ + "model": "dojo.language_type", + "pk": 105, + "fields": { + "language": "LFE", + "color": "#DAA520" + } +}, +{ + "model": "dojo.language_type", + "pk": 106, + "fields": { + "language": "liquid", + "color": "#F4A460" + } +}, +{ + "model": "dojo.language_type", + "pk": 107, + "fields": { + "language": "Lisp", + "color": "#BC8F8F" + } +}, +{ + "model": "dojo.language_type", + "pk": 108, + "fields": { + "language": "Literate Idris", + "color": "#D2B48C" + } +}, +{ + "model": "dojo.language_type", + "pk": 109, + "fields": { + "language": "LiveLink OScript", + "color": "#DEB887" + } +}, +{ + "model": "dojo.language_type", + "pk": 110, + "fields": { + "language": "Logtalk", + "color": "#F5DEB3" + } +}, +{ + "model": "dojo.language_type", + "pk": 111, + "fields": { + "language": "Lua", + "color": "#FFDEAD" + } +}, +{ + "model": "dojo.language_type", + "pk": 112, + "fields": { + "language": "m4", + "color": "#FFE4C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 113, + "fields": { + "language": "make", + "color": "#FFEBCD" + } +}, +{ + "model": "dojo.language_type", + "pk": 114, + "fields": { + "language": "Mako", + "color": "#FFF8DC" + } +}, +{ + "model": "dojo.language_type", + "pk": 115, + "fields": { + "language": "Markdown", + "color": "#2F4F4F" + } +}, +{ + "model": "dojo.language_type", + "pk": 116, + "fields": { + "language": "Mathematica", + "color": "#708090" + } +}, +{ + "model": "dojo.language_type", + "pk": 117, + "fields": { + "language": "MATLAB", + "color": "#778899" + } +}, +{ + "model": "dojo.language_type", + "pk": 118, + "fields": { + "language": "Maven", + "color": "#696969" + } +}, +{ + "model": "dojo.language_type", + "pk": 119, + "fields": { + "language": "Modula3", + "color": "#808080" + } +}, +{ + "model": "dojo.language_type", + "pk": 120, + "fields": { + "language": "MSBuild script", + "color": "#A9A9A9" + } +}, +{ + "model": "dojo.language_type", + "pk": 121, + "fields": { + "language": "MUMPS", + "color": "#FFE4E1" + } +}, +{ + "model": "dojo.language_type", + "pk": 122, + "fields": { + "language": "Mustache", + "color": "#FFF0F5" + } +}, +{ + "model": "dojo.language_type", + "pk": 123, + "fields": { + "language": "MXML", + "color": "#FAEBD7" + } +}, +{ + "model": "dojo.language_type", + "pk": 124, + "fields": { + "language": "NAnt script", + "color": "#FFFFF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 125, + "fields": { + "language": "NASTRAN DMAP", + "color": "#FFFAF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 126, + "fields": { + "language": "Nemerle", + "color": "#FDF5E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 127, + "fields": { + "language": "Nim", + "color": "#F5F5DC" + } +}, +{ + "model": "dojo.language_type", + "pk": 128, + "fields": { + "language": "Objective C", + "color": "#cc00cc" + } +}, +{ + "model": "dojo.language_type", + "pk": 129, + "fields": { + "language": "Objective C++", + "color": "#ff9966" + } +}, +{ + "model": "dojo.language_type", + "pk": 130, + "fields": { + "language": "OCaml", + "color": "#F8F8FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 131, + "fields": { + "language": "OpenCL", + "color": "#F0F8FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 132, + "fields": { + "language": "Oracle Forms", + "color": "#F0FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 133, + "fields": { + "language": "Oracle PL/SQL", + "color": "#F5FFFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 134, + "fields": { + "language": "Oracle Reports", + "color": "#F0FFF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 135, + "fields": { + "language": "Pascal", + "color": "#FFFAFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 136, + "fields": { + "language": "Pascal/Puppet", + "color": "#C71585" + } +}, +{ + "model": "dojo.language_type", + "pk": 137, + "fields": { + "language": "Patran Command Language", + "color": "#DB7093" + } +}, +{ + "model": "dojo.language_type", + "pk": 138, + "fields": { + "language": "Perl", + "color": "#FF1493" + } +}, +{ + "model": "dojo.language_type", + "pk": 139, + "fields": { + "language": "PHP", + "color": "#FF69B4" + } +}, +{ + "model": "dojo.language_type", + "pk": 140, + "fields": { + "language": "PHP/Pascal", + "color": "#FFB6C1" + } +}, +{ + "model": "dojo.language_type", + "pk": 141, + "fields": { + "language": "PL/I", + "color": "#FFC0CB" + } +}, +{ + "model": "dojo.language_type", + "pk": 143, + "fields": { + "language": "PL/M", + "color": "#4B0082" + } +}, +{ + "model": "dojo.language_type", + "pk": 144, + "fields": { + "language": "PowerBuilder", + "color": "#800080" + } +}, +{ + "model": "dojo.language_type", + "pk": 145, + "fields": { + "language": "PowerShell", + "color": "#8B008B" + } +}, +{ + "model": "dojo.language_type", + "pk": 146, + "fields": { + "language": "ProGuard", + "color": "#9932CC" + } +}, +{ + "model": "dojo.language_type", + "pk": 147, + "fields": { + "language": "Prolog", + "color": "#9400D3" + } +}, +{ + "model": "dojo.language_type", + "pk": 148, + "fields": { + "language": "Protocol Buffers", + "color": "#8A2BE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 149, + "fields": { + "language": "Pug", + "color": "#9370DB" + } +}, +{ + "model": "dojo.language_type", + "pk": 150, + "fields": { + "language": "PureScript", + "color": "#BA55D3" + } +}, +{ + "model": "dojo.language_type", + "pk": 151, + "fields": { + "language": "QML", + "color": "#FF00FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 152, + "fields": { + "language": "Qt", + "color": "#FF00FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 153, + "fields": { + "language": "Qt Linguist", + "color": "#DA70D6" + } +}, +{ + "model": "dojo.language_type", + "pk": 154, + "fields": { + "language": "Qt Project", + "color": "#EE82EE" + } +}, +{ + "model": "dojo.language_type", + "pk": 155, + "fields": { + "language": "R", + "color": "#DDA0DD" + } +}, +{ + "model": "dojo.language_type", + "pk": 156, + "fields": { + "language": "Racket", + "color": "#D8BFD8" + } +}, +{ + "model": "dojo.language_type", + "pk": 157, + "fields": { + "language": "RAML", + "color": "#E6E6FA" + } +}, +{ + "model": "dojo.language_type", + "pk": 158, + "fields": { + "language": "RapydScript", + "color": "#483D8B" + } +}, +{ + "model": "dojo.language_type", + "pk": 159, + "fields": { + "language": "Razor", + "color": "#6A5ACD" + } +}, +{ + "model": "dojo.language_type", + "pk": 160, + "fields": { + "language": "Rexx", + "color": "#7B68EE" + } +}, +{ + "model": "dojo.language_type", + "pk": 161, + "fields": { + "language": "RobotFramework", + "color": "#191970" + } +}, +{ + "model": "dojo.language_type", + "pk": 162, + "fields": { + "language": "Ruby", + "color": "#000080" + } +}, +{ + "model": "dojo.language_type", + "pk": 163, + "fields": { + "language": "Ruby HTML", + "color": "#00008B" + } +}, +{ + "model": "dojo.language_type", + "pk": 164, + "fields": { + "language": "Rust", + "color": "#0000CD" + } +}, +{ + "model": "dojo.language_type", + "pk": 165, + "fields": { + "language": "SAS", + "color": "#0000FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 166, + "fields": { + "language": "Sass", + "color": "#4169E1" + } +}, +{ + "model": "dojo.language_type", + "pk": 167, + "fields": { + "language": "Scala", + "color": "#4682B4" + } +}, +{ + "model": "dojo.language_type", + "pk": 168, + "fields": { + "language": "Scheme", + "color": "#6495ED" + } +}, +{ + "model": "dojo.language_type", + "pk": 169, + "fields": { + "language": "sed", + "color": "#1E90FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 170, + "fields": { + "language": "SKILL", + "color": "#B0C4DE" + } +}, +{ + "model": "dojo.language_type", + "pk": 171, + "fields": { + "language": "SKILL++", + "color": "#00BFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 172, + "fields": { + "language": "Skylark", + "color": "#87CEEB" + } +}, +{ + "model": "dojo.language_type", + "pk": 173, + "fields": { + "language": "Slice", + "color": "#87CEFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 174, + "fields": { + "language": "Slim", + "color": "#ADD8E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 175, + "fields": { + "language": "Smalltalk", + "color": "#B0E0E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 176, + "fields": { + "language": "Smarty", + "color": "#008080" + } +}, +{ + "model": "dojo.language_type", + "pk": 177, + "fields": { + "language": "Softbridge Basic", + "color": "#008B8B" + } +}, +{ + "model": "dojo.language_type", + "pk": 179, + "fields": { + "language": "Solidity", + "color": "#5F9EA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 180, + "fields": { + "language": "Specman e", + "color": "#20B2AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 181, + "fields": { + "language": "SQL", + "color": "#00CED1" + } +}, +{ + "model": "dojo.language_type", + "pk": 182, + "fields": { + "language": "SQL Data", + "color": "#48D1CC" + } +}, +{ + "model": "dojo.language_type", + "pk": 183, + "fields": { + "language": "SQL Stored Procedure", + "color": "#40E0D0" + } +}, +{ + "model": "dojo.language_type", + "pk": 184, + "fields": { + "language": "Standard ML", + "color": "#AFEEEE" + } +}, +{ + "model": "dojo.language_type", + "pk": 185, + "fields": { + "language": "Stata", + "color": "#66CDAA" + } +}, +{ + "model": "dojo.language_type", + "pk": 186, + "fields": { + "language": "Stylus", + "color": "#7FFFD4" + } +}, +{ + "model": "dojo.language_type", + "pk": 187, + "fields": { + "language": "Swift", + "color": "#00FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 188, + "fields": { + "language": "SWIG", + "color": "#00FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 189, + "fields": { + "language": "Tcl/Tk", + "color": "#E0FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 190, + "fields": { + "language": "Teamcenter met", + "color": "#6B8E23" + } +}, +{ + "model": "dojo.language_type", + "pk": 191, + "fields": { + "language": "Teamcenter mth", + "color": "#556B2F" + } +}, +{ + "model": "dojo.language_type", + "pk": 192, + "fields": { + "language": "TeX", + "color": "#808000" + } +}, +{ + "model": "dojo.language_type", + "pk": 193, + "fields": { + "language": "TITAN Project File Information", + "color": "#2E8B57" + } +}, +{ + "model": "dojo.language_type", + "pk": 194, + "fields": { + "language": "Titanium Style Sheet", + "color": "#3CB371" + } +}, +{ + "model": "dojo.language_type", + "pk": 195, + "fields": { + "language": "TOML", + "color": "#8FBC8F" + } +}, +{ + "model": "dojo.language_type", + "pk": 196, + "fields": { + "language": "TTCN", + "color": "#00FA9A" + } +}, +{ + "model": "dojo.language_type", + "pk": 197, + "fields": { + "language": "Twig", + "color": "#006400" + } +}, +{ + "model": "dojo.language_type", + "pk": 198, + "fields": { + "language": "TypeScript", + "color": "#228B22" + } +}, +{ + "model": "dojo.language_type", + "pk": 199, + "fields": { + "language": "Unity-Prefab", + "color": "#00FF00" + } +}, +{ + "model": "dojo.language_type", + "pk": 200, + "fields": { + "language": "Vala", + "color": "#32CD32" + } +}, +{ + "model": "dojo.language_type", + "pk": 201, + "fields": { + "language": "Vala Header", + "color": "#FFFF00" + } +}, +{ + "model": "dojo.language_type", + "pk": 202, + "fields": { + "language": "Velocity Template Language", + "color": "#BDB76B" + } +}, +{ + "model": "dojo.language_type", + "pk": 203, + "fields": { + "language": "Verilog-SystemVerilog", + "color": "#F0E68C" + } +}, +{ + "model": "dojo.language_type", + "pk": 204, + "fields": { + "language": "VHDL", + "color": "#EEE8AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 205, + "fields": { + "language": "vim script", + "color": "#FFDAB9" + } +}, +{ + "model": "dojo.language_type", + "pk": 206, + "fields": { + "language": "Visual Basic", + "color": "#FFE4B5" + } +}, +{ + "model": "dojo.language_type", + "pk": 207, + "fields": { + "language": "Visual Fox Pro", + "color": "#FFEFD5" + } +}, +{ + "model": "dojo.language_type", + "pk": 208, + "fields": { + "language": "Visualforce Component", + "color": "#FAFAD2" + } +}, +{ + "model": "dojo.language_type", + "pk": 209, + "fields": { + "language": "Visualforce Page", + "color": "#FFFACD" + } +}, +{ + "model": "dojo.language_type", + "pk": 210, + "fields": { + "language": "Vuejs Component", + "color": "#FFFFE0" + } +}, +{ + "model": "dojo.language_type", + "pk": 211, + "fields": { + "language": "Windows Message File", + "color": "#FF8C00" + } +}, +{ + "model": "dojo.language_type", + "pk": 212, + "fields": { + "language": "Windows Module Definition", + "color": "#FFA500" + } +}, +{ + "model": "dojo.language_type", + "pk": 213, + "fields": { + "language": "Windows Resource File", + "color": "#FFD700" + } +}, +{ + "model": "dojo.language_type", + "pk": 214, + "fields": { + "language": "WiX include", + "color": "#FF4500" + } +}, +{ + "model": "dojo.language_type", + "pk": 215, + "fields": { + "language": "WiX source", + "color": "#FF6347" + } +}, +{ + "model": "dojo.language_type", + "pk": 216, + "fields": { + "language": "WiX string localization", + "color": "#FF7F50" + } +}, +{ + "model": "dojo.language_type", + "pk": 217, + "fields": { + "language": "XAML", + "color": "#8B0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 218, + "fields": { + "language": "xBase", + "color": "#FF0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 219, + "fields": { + "language": "xBase Header", + "color": "#B22222" + } +}, +{ + "model": "dojo.language_type", + "pk": 220, + "fields": { + "language": "XHTML", + "color": "#DC143C" + } +}, +{ + "model": "dojo.language_type", + "pk": 221, + "fields": { + "language": "XMI", + "color": "#CD5C5C" + } +}, +{ + "model": "dojo.language_type", + "pk": 222, + "fields": { + "language": "XML", + "color": "#F08080" + } +}, +{ + "model": "dojo.language_type", + "pk": 223, + "fields": { + "language": "XQuery", + "color": "#E9967A" + } +}, +{ + "model": "dojo.language_type", + "pk": 224, + "fields": { + "language": "XSD", + "color": "#FA8072" + } +}, +{ + "model": "dojo.language_type", + "pk": 225, + "fields": { + "language": "XSLT", + "color": "#FFA07A" + } +}, +{ + "model": "dojo.language_type", + "pk": 226, + "fields": { + "language": "yacc", + "color": "#f0ffff" + } +}, +{ + "model": "dojo.language_type", + "pk": 227, + "fields": { + "language": "YAML", + "color": "#c1cdcd" + } +}, +{ + "model": "dojo.language_type", + "pk": 228, + "fields": { + "language": "zsh", + "color": "#8b7d6b" + } +}, +{ + "model": "dojo.languages", + "pk": 1, + "fields": { + "language": 90, + "product": 1, + "user": [ + "admin" + ], + "files": 500, + "blank": 100, + "comment": 199, + "code": 15000, + "created": "2021-11-04T09:00:09.802Z" + } +}, +{ + "model": "dojo.languages", + "pk": 2, + "fields": { + "language": 2, + "product": 1, + "user": [ + "admin" + ], + "files": 1, + "blank": 2, + "comment": 2, + "code": 200, + "created": "2021-11-04T09:01:32.568Z" + } +}, +{ + "model": "dojo.languages", + "pk": 3, + "fields": { + "language": 91, + "product": 1, + "user": [ + "admin" + ], + "files": 15, + "blank": 9, + "comment": 10, + "code": 800, + "created": "2021-11-04T09:01:32.581Z" + } +}, +{ + "model": "dojo.languages", + "pk": 4, + "fields": { + "language": 222, + "product": 1, + "user": [ + "admin" + ], + "files": 10, + "blank": 1, + "comment": 8, + "code": 200, + "created": "2021-11-04T09:13:05.769Z" + } +}, +{ + "model": "dojo.app_analysis", + "pk": 1, + "fields": { + "product": 1, + "name": "Tomcat", + "user": [ + "admin" + ], + "confidence": 100, + "version": "8.5.1", + "icon": null, + "website": null, + "website_found": null, + "created": "2021-11-04T09:20:33.477Z", + "tags": [] + } +}, +{ + "model": "dojo.objects_review", + "pk": 1, + "fields": { + "name": "Untracked", + "created": "2021-06-04T07:43:45.626Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 2, + "fields": { + "name": "Manual Code Review Required", + "created": "2021-06-05T06:44:08.110Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 3, + "fields": { + "name": "Manual Code Review and Create Test", + "created": "2021-06-08T13:12:41.078Z" + } +}, +{ + "model": "dojo.benchmark_type", + "pk": 1, + "fields": { + "name": "OWASP ASVS", + "version": "v. 3.1", + "benchmark_source": "OWASP ASVS", + "created": "2021-06-22T12:28:05.635Z", + "updated": "2021-06-22T12:32:16.088Z", + "enabled": true + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 1, + "fields": { + "type": 1, + "name": "V7: Cryptography Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That all cryptographic modules fail in a secure manner and that errors are handled correctly.\r\n* That a suitable random number generator is used when randomness is required.\r\n* That access to keys is managed in a secure way.", + "references": "* [OWASP Testing Guide 4.0: Testing for weak Cryptography](https://www.owasp.org/index.php/Testing_for_weak_Cryptography)\r\n* [OWASP Cheat Sheet: Cryptographic Storage](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-22T12:32:50.575Z", + "updated": "2021-06-22T12:32:50.575Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 2, + "fields": { + "type": 1, + "name": "V2: Authentication Verification Requirements", + "objective": "Authentication is the act of establishing, or confirming, something (or someone) as authentic, that is, that claims made by or about the thing are true. Ensure that a verified application satisfies the following high level requirements:\r\n\r\nVerifies the digital identity of the sender of a communication. Ensures that only those authorised are able to authenticate and credentials are transported in a secure manner.", + "references": "* https://www.owasp.org/index.php/Testing_for_authentication\r\n* https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet", + "enabled": true, + "created": "2021-06-28T12:34:11.372Z", + "updated": "2021-06-28T12:34:11.372Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 3, + "fields": { + "type": 1, + "name": "V1: Architecture, Design and Threat Modeling Requirements", + "objective": "In a perfect world, security would be considered throughout all phases of development. In reality however, security is often only a consideration at a late stage in the SDLC. Besides the technical controls, the ASVS requires processes to be in place that ensure that the security has been explicitly addressed when planning the architecture of the application or API, and that the functional and security roles of all components are known. Since single page applications and act as clients to remote API or services, it must be ensured that appropriate security standards are also applied to those services - testing the app in isolation is not sufficient.\r\n\r\nThe category lists requirements pertaining to architecture and design of the app. As such, this is the only category that does not map to technical test cases in the OWASP Testing Guide. To cover topics such as threat modelling, secure SDLC, key management, users of the ASVS should consult the respective OWASP projects and/or other standards such as the ones linked below.", + "references": "* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Threat_Modeling\r\n* https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet\r\n* https://www.microsoft.com/en-us/sdl/\r\n* http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf", + "enabled": true, + "created": "2021-06-29T09:43:01.380Z", + "updated": "2021-06-29T09:43:01.380Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 4, + "fields": { + "type": 1, + "name": "V3: Session Management Verification Requirements", + "objective": "One of the core components of any web-based application is the mechanism by which it controls and maintains the state for a user interacting with it. This is referred to this as Session Management and is defined as the set of all controls governing state-full interaction between a user and the web-based application.\r\n\r\nEnsure that a verified application satisfies the following high level session management requirements:\r\n\r\n* Sessions are unique to each individual and cannot be guessed or shared\r\n* Sessions are invalidated when no longer required and timed out during periods of inactivity.", + "references": "* https://www.owasp.org/index.php/Testing_for_Session_Management\r\n* https://www.owasp.org/index.php/Session_Management_Cheat_Sheet", + "enabled": true, + "created": "2021-06-29T09:46:43.544Z", + "updated": "2021-06-29T09:46:43.544Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 5, + "fields": { + "type": 1, + "name": "V4: Access Control Verification Requirements", + "objective": "Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Persons accessing resources holds valid credentials to do so.\r\n* Users are associated with a well-defined set of roles and privileges.\r\n* Role and permission metadata is protected from replay or tampering.", + "references": "* [OWASP Testing Guide 4.0: Authorization](https://www.owasp.org/index.php/Testing_for_Authorization)\r\n* [OWASP Cheat Sheet: Access Control](https://www.owasp.org/index.php/Access_Control_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T11:08:56.925Z", + "updated": "2021-06-29T11:08:56.925Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 6, + "fields": { + "type": 1, + "name": "V5: Input Validation and Output Encoding Verification Requirements", + "objective": "The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.\r\n\r\nEnsure that a verified application satisfies the following high level requirements:\r\n\r\n* All input is validated to be correct and fit for the intended purpose.\r\n* Data from an external entity or client should never be trusted and should be handled accordingly.", + "references": "* [OWASP Testing Guide 4.0: Input Validation Testing](https://www.owasp.org/index.php/Testing_for_Input_Validation)\r\n* [OWASP Cheat Sheet: Input Validation](https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Testing for HTTP Parameter Pollution](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29)\r\n* [OWASP LDAP Injection Cheat Sheet ](https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Client Side Testing ](https://www.owasp.org/index.php/Client_Side_Testing)\r\n* [OWASP Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)\r\n* [OWASP DOM Based Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet)\r\n* [OWASP Java Encoding Project](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project)\r\n\r\nFor more information on auto-escaping, please see:\r\n\r\n* [Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems](http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html)\r\n* [AngularJS Strict Contextual Escaping](https://docs.angularjs.org/api/ng/service/$sce)\r\n* [ReactJS Escaping](https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks)\r\n* [Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)", + "enabled": true, + "created": "2021-06-29T11:18:52.073Z", + "updated": "2021-06-29T11:18:52.073Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 7, + "fields": { + "type": 1, + "name": "V8: Error Handling and Logging Verification Requirements", + "objective": "The primary objective of error handling and logging is to provide a useful reaction by the user, administrators, and incident response teams. The objective is not to create massive amounts of logs, but high quality logs, with more signal than discarded noise.\r\n\r\nHigh quality logs will often contain sensitive data, and must be protected as per local data privacy laws or directives. This should include:\r\n\r\n* Not collecting or logging sensitive information if not specifically required.\r\n* Ensuring all logged information is handled securely and protected as per its data classification.\r\n* Ensuring that logs are not forever, but have an absolute lifetime that is as short as possible.\r\n\r\nIf logs contain private or sensitive data, the definition of which varies from country to country, the logs become some of the most sensitive information held by the application and thus very attractive to attackers in their own right.", + "references": "* [OWASP Testing Guide 4.0 content: Testing for Error Handling](https://www.owasp.org/index.php/Testing_for_Error_Handling)", + "enabled": true, + "created": "2021-06-29T11:35:35.432Z", + "updated": "2021-06-29T11:35:35.432Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 8, + "fields": { + "type": 1, + "name": "V9: Data Protection Verification Requirements", + "objective": "There are three key elements to sound data protection: Confidentiality, Integrity and Availability (CIA). This standard assumes that data protection is enforced on a trusted system, such as a server, which has been hardened and has sufficient protections.\r\n\r\nApplications have to assume that all user devices are compromised in some way. Where an application transmits or stores sensitive information on insecure devices, such as shared computers, phones and tablets, the application is responsible for ensuring data stored on these devices is encrypted and cannot be easily illicitly obtained, altered or disclosed.\r\n\r\nEnsure that a verified application satisfies the following high level data protection requirements:\r\n\r\n*\tConfidentiality: Data should be protected from unauthorised observation or disclosure both in transit and when stored.\r\n*\tIntegrity: Data should be protected being maliciously created, altered or deleted by unauthorized attackers.\r\n*\tAvailability: Data should be available to authorized users as required", + "references": "* [Consider using Security Headers website to check security and anti-caching headers](https://securityheaders.io)\r\n* [OWASP Secure Headers project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)\r\n* [User Privacy Protection Cheat Sheet](https://www.owasp.org/index.php/User_Privacy_Protection_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T12:24:47.748Z", + "updated": "2021-06-29T12:24:47.748Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 9, + "fields": { + "type": 1, + "name": "V10: Communications Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That TLS is used where sensitive data is transmitted.\r\n* That strong algorithms and ciphers are used at all times.", + "references": "* [OWASP TLS Cheat Sheet. ](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet)\r\n* [Notes on Approved modes of TLS. In the past, the ASVS referred to the US standard FIPS 140-2, but as a global standard, applying US standards this can be difficult, contradictory, or confusing to apply. A better method of achieving compliance with 10.8 would be to review guides such as (https://wiki.mozilla.org/Security/Server_Side_TLS), generate known good configurations (https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known TLS evaluation tools, such as sslyze, various vulnerability scanners or trusted TLS online assessment services to obtain a desired level of security. In general, we see non-compliance for this section being the use of outdated or insecure ciphers and algorithms, the lack of perfect forward secrecy, outdated or insecure SSL protocols, weak preferred ciphers, and so on.]\r\n* [Certificate pinning. For more information please review ](https://tools.ietf.org/html/rfc7469.)The rationale behind certificate pinning for production and backup keys is business continuity - see (https://noncombatant.org/2015/05/01/about-http-public-key-pinning/)\r\n* [OWASP Certificate Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)\r\n* [OWASP Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning)\r\n* [Time of first use (TOFU) Pinning](https://developer.mozilla.org/en/docs/Web/Security/Public_Key_Pinning)\r\n* [Pre-loading HTTP Strict Transport Security](https://www.chromium.org/hsts)", + "enabled": true, + "created": "2021-06-29T17:57:07.587Z", + "updated": "2021-06-29T17:57:07.587Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 10, + "fields": { + "type": 1, + "name": "V13: Malicious Code Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Malicious activity is handled securely and properly as to not affect the rest of the application.\r\n* Do not have time bombs or other time based attacks built into them\r\n* Do not phone home to malicious or unauthorized destinations\r\n* Applications do not have back doors, Easter eggs, salami attacks, or logic flaws that can be controlled by an attacker\r\n\r\nMalicious code is extremely rare, and is difficult to detect. Manual line by line code review can assist looking for logic bombs, but even the most experienced code reviewer will struggle to find malicious code even if they know it exists. This section is not possible to complete without access to source code, including as many third party libraries as possible.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:11:08.320Z", + "updated": "2021-06-29T18:11:08.320Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 11, + "fields": { + "type": 1, + "name": "V15: Business Logic Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* The business logic flow is sequential and in order\r\n* Business logic includes limits to detect and prevent automated attacks, such as continuous small funds transfers, or adding a million friends one at a time, and so on.\r\n* High value business logic flows have considered abuse cases and malicious actors, and have protections against spoofing, tampering, repudiation, information disclosure, and elevation of privilege attacks.", + "references": "* [OWASP Testing Guide 4.0: Business Logic Testing ](https://www.owasp.org/index.php/Testing_for_business_logic)\r\n* [OWASP Cheat Sheet](https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T18:13:46.162Z", + "updated": "2021-06-29T18:13:46.162Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 12, + "fields": { + "type": 1, + "name": "V16: File and Resources Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Untrusted file data should be handled accordingly and in a secure manner\r\n* Obtained from untrusted sources are stored outside the webroot and limited permissions.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:23:02.384Z", + "updated": "2021-06-29T18:23:02.384Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 13, + "fields": { + "type": 1, + "name": "V18: API and Web Service Verification Requirements", + "objective": "Ensure that a verified application that uses RESTful or SOAP based web services has:\r\n\r\n* Adequate authentication, session management and authorization of all web services\r\n* Input validation of all parameters that transit from a lower to higher trust level\r\n* Basic interoperability of SOAP web services layer to promote API use", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)\r\n* [OWASP Cross-Site Request Forgery cheat sheet](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)\r\n* [JSON Web Tokens (and Signing)](https://jwt.io/)", + "enabled": true, + "created": "2021-06-29T18:35:16.622Z", + "updated": "2021-06-29T18:35:16.622Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 14, + "fields": { + "type": 1, + "name": "V19: Configuration Verification Requirements", + "objective": "* Up to date libraries and platform(s).\r\n* A secure by default configuration.\r\n* Sufficient hardening that user initiated changes to default configuration do not unnecessarily expose or create security weaknesses or flaws to underlying systems.", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)", + "enabled": true, + "created": "2021-06-29T18:35:55.518Z", + "updated": "2021-06-29T18:35:55.518Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 15, + "fields": { + "type": 1, + "name": "V20: Internet of Things Verification Requirements", + "objective": "Embedded/IoT devices should:\r\n\r\n* Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.\r\n* Sensitive data stored on the device should be done so in a secure manner.\r\n* All sensitive data transmitted from the device should utilize transport layer security.", + "references": "* [OWASP Internet of Things Top 10](https://www.owasp.org/files/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)\r\n* [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)\r\n* [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)", + "enabled": true, + "created": "2021-06-29T18:36:37.446Z", + "updated": "2021-06-29T18:36:37.446Z" + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 1, + "fields": { + "category": 1, + "objective_number": "7.2", + "objective": "Verify that all cryptographic modules fail securely, and errors are handled in a way that does not enable Padding Oracle.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-22T12:37:28.273Z", + "updated": "2021-06-22T12:37:28.273Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 2, + "fields": { + "category": 1, + "objective_number": "7.6", + "objective": "Verify that all random numbers, random file names, random GUIDs, and random strings are generated using the cryptographic modules approved random number generator when these random values are intended to be not guessable by an attacker.\",", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-23T08:40:34.631Z", + "updated": "2021-06-23T08:40:34.631Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 3, + "fields": { + "category": 1, + "objective_number": "7.7", + "objective": "Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.", + "references": "", + "level_1": true, + "level_2": false, + "level_3": false, + "enabled": true, + "created": "2021-06-23T12:55:37.713Z", + "updated": "2021-06-23T12:55:37.713Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 4, + "fields": { + "category": 2, + "objective_number": "2.1", + "objective": "Verify all pages and resources are protected by server-side authentication, except those specifically intended to be public.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-28T13:07:20.805Z", + "updated": "2021-06-28T13:07:20.805Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 5, + "fields": { + "category": 3, + "objective_number": "1.1", + "objective": "All app components are identified and known to be needed.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:51:05.383Z", + "updated": "2021-06-29T09:51:05.383Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 6, + "fields": { + "category": 3, + "objective_number": "1.2", + "objective": "Security controls are never enforced only on the client side, but on the respective remote endpoints.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:09.763Z", + "updated": "2021-06-29T09:52:09.763Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 7, + "fields": { + "category": 3, + "objective_number": "1.3", + "objective": "A high-level architecture for the application and all connected remote services has been defined and security has been addressed in that architecture.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:27.454Z", + "updated": "2021-06-29T09:52:27.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 8, + "fields": { + "category": 3, + "objective_number": "1.4", + "objective": "Data considered sensitive in the context of the application is clearly identified.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:59.300Z", + "updated": "2021-06-29T09:52:59.300Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 9, + "fields": { + "category": 3, + "objective_number": "1.5", + "objective": "All app components are defined in terms of the business functions and/or security functions they provide.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:53:42.466Z", + "updated": "2021-06-29T09:53:42.466Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 11, + "fields": { + "category": 3, + "objective_number": "1.6", + "objective": "A threat model for the application and the associated remote services has been produced that identifies potential threats and countermeasures.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:54:29.724Z", + "updated": "2021-06-29T09:54:29.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 12, + "fields": { + "category": 3, + "objective_number": "1.7", + "objective": "All security controls have a centralized implementation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:54:45.671Z", + "updated": "2021-06-29T09:54:45.671Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 13, + "fields": { + "category": 3, + "objective_number": "1.8", + "objective": "Components are segregated from each other via a defined security control, such as network segmentation, firewall rules, or cloud based security group", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:21.677Z", + "updated": "2021-06-29T09:55:21.677Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 14, + "fields": { + "category": 3, + "objective_number": "1.9", + "objective": "A mechanism for enforcing updates of the application exists.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:36.823Z", + "updated": "2021-06-29T09:55:36.823Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 15, + "fields": { + "category": 3, + "objective_number": "1.10", + "objective": "Security is addressed within all parts of the software development lifecycle.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:13.684Z", + "updated": "2021-06-29T09:56:13.684Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 16, + "fields": { + "category": 3, + "objective_number": "1.11", + "objective": "All application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:43.648Z", + "updated": "2021-06-29T09:56:43.648Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 17, + "fields": { + "category": 3, + "objective_number": "1.12", + "objective": "There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:57:12.345Z", + "updated": "2021-06-29T09:57:12.345Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 18, + "fields": { + "category": 2, + "objective_number": "2.2", + "objective": "Verify that the application does not automatically fill in credentials either as hidden fields, URL arguments, Ajax requests, or in forms, as this implies plain text, reversible or de-cryptable password storage. Random time limited nonces are acceptable as stand ins, such as to protect change password forms or forgot password forms.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:47:59.343Z", + "updated": "2021-06-29T10:47:59.343Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 19, + "fields": { + "category": 2, + "objective_number": "2.6", + "objective": "Verify all authentication controls fail securely to ensure attackers cannot log in.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:16.224Z", + "updated": "2021-06-29T10:48:16.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 20, + "fields": { + "category": 2, + "objective_number": "2.7", + "objective": "Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:36.593Z", + "updated": "2021-06-29T10:48:36.593Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 21, + "fields": { + "category": 2, + "objective_number": "2.8", + "objective": "Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:04.310Z", + "updated": "2021-06-29T10:49:04.310Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 22, + "fields": { + "category": 2, + "objective_number": "2.9", + "objective": "Verify that the changing password functionality includes the old password, the new password, and a password confirmation.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:21.570Z", + "updated": "2021-06-29T10:49:21.570Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 23, + "fields": { + "category": 2, + "objective_number": "2.12", + "objective": "Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:49.215Z", + "updated": "2021-06-29T10:49:49.215Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 24, + "fields": { + "category": 2, + "objective_number": "2.13", + "objective": "Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:07.859Z", + "updated": "2021-06-29T10:50:07.859Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 25, + "fields": { + "category": 2, + "objective_number": "2.16", + "objective": "Verify that all application data is transmitted over an encrypted channel (e.g. TLS).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:34.637Z", + "updated": "2021-06-29T10:50:34.637Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 26, + "fields": { + "category": 2, + "objective_number": "2.17", + "objective": "Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. A one time password reset link should be used instead.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:53.445Z", + "updated": "2021-06-29T10:50:53.445Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 27, + "fields": { + "category": 2, + "objective_number": "2.18", + "objective": "Verify that information enumeration is not possible via login, password reset, or forgot account functionality.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:09.766Z", + "updated": "2021-06-29T10:51:09.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 28, + "fields": { + "category": 2, + "objective_number": "2.19", + "objective": "Verify there are no default passwords in use for the application framework or any components used by the application (such as admin/password).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:28.174Z", + "updated": "2021-06-29T10:51:28.174Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 29, + "fields": { + "category": 2, + "objective_number": "2.20", + "objective": "Verify that anti-automation is in place to prevent breached credential testing, brute forcing, and account lockout attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:47.647Z", + "updated": "2021-06-29T10:51:47.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 30, + "fields": { + "category": 2, + "objective_number": "2.21", + "objective": "Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:32.530Z", + "updated": "2021-06-29T10:54:32.530Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 31, + "fields": { + "category": 2, + "objective_number": "2.22", + "objective": "Verify that forgotten password and other recovery paths use a TOTP or other soft token, mobile push, or other offline recovery mechanism. The use of SMS has been deprecated by NIST and should not be used.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:50.186Z", + "updated": "2021-06-29T10:54:50.186Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 32, + "fields": { + "category": 2, + "objective_number": "2.23", + "objective": "Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:08.158Z", + "updated": "2021-06-29T10:55:08.158Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 33, + "fields": { + "category": 2, + "objective_number": "2.24", + "objective": "Verify that if secret questions are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:28.074Z", + "updated": "2021-06-29T10:55:28.074Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 34, + "fields": { + "category": 2, + "objective_number": "2.25", + "objective": "Verify that high value applications can be configured to disallow the use of a configurable number of previous passwords.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:48.990Z", + "updated": "2021-06-29T10:55:48.990Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 35, + "fields": { + "category": 2, + "objective_number": "2.26", + "objective": "Verify that sensitive operations (e.g. change password, change email address, add new biller, etc.) require re-authentication (e.g. password or 2FA token). This is in addition to CSRF measures, not instead.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:04.324Z", + "updated": "2021-06-29T10:56:04.324Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 36, + "fields": { + "category": 2, + "objective_number": "2.27", + "objective": "Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:22.701Z", + "updated": "2021-06-29T10:56:22.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 37, + "fields": { + "category": 2, + "objective_number": "2.28", + "objective": "Verify that all authentication challenges, whether successful or failed, should respond in the same average response time.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:44.117Z", + "updated": "2021-06-29T10:56:44.117Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 38, + "fields": { + "category": 2, + "objective_number": "2.29", + "objective": "Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:00.884Z", + "updated": "2021-06-29T10:57:00.884Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 39, + "fields": { + "category": 2, + "objective_number": "2.31", + "objective": "Verify that users can enrol and use TOTP verification, two-factor, biometric (Touch ID or similar), or equivalent multi-factor authentication mechanism that provides protection against single factor credential disclosure.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:20.100Z", + "updated": "2021-06-29T10:57:20.100Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 40, + "fields": { + "category": 2, + "objective_number": "2.32", + "objective": "Verify that access to administrative interfaces are strictly controlled and not accessible to untrusted parties.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:37.083Z", + "updated": "2021-06-29T10:57:37.083Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 41, + "fields": { + "category": 2, + "objective_number": "3.1", + "objective": "Verify that the application is compatible with browser based and third party password managers, unless prohibited by risk based policy.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:54.657Z", + "updated": "2021-06-29T10:57:54.657Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 42, + "fields": { + "category": 4, + "objective_number": "3.2", + "objective": "Verify that sessions are invalidated when the user logs out.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:03:24.654Z", + "updated": "2021-06-29T11:03:24.654Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 43, + "fields": { + "category": 4, + "objective_number": "3.3", + "objective": "Verify that sessions timeout after a specified period of inactivity.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:03:42.209Z", + "updated": "2021-06-29T11:03:42.209Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 44, + "fields": { + "category": 4, + "objective_number": "3.4", + "objective": "Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:05.047Z", + "updated": "2021-06-29T11:04:05.047Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 45, + "fields": { + "category": 4, + "objective_number": "3.5", + "objective": "Verify that all pages that require authentication have easy and visible access to logout functionality.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:26.223Z", + "updated": "2021-06-29T11:04:26.223Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 46, + "fields": { + "category": 4, + "objective_number": "3.6", + "objective": "Test that the session ID is never disclosed in URLs, error messages, or logs. This includes verifying that the application does not support URL rewriting of session cookies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:46.281Z", + "updated": "2021-06-29T11:04:46.281Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 47, + "fields": { + "category": 4, + "objective_number": "3.7", + "objective": "Verify that all successful authentication and re-authentication generates a new session and session id.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:07.271Z", + "updated": "2021-06-29T11:05:07.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 48, + "fields": { + "category": 4, + "objective_number": "3.10", + "objective": "Verify that only session ids generated by the application framework are recognised as active by the application.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:28.910Z", + "updated": "2021-06-29T11:05:28.910Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 49, + "fields": { + "category": 4, + "objective_number": "3.11", + "objective": "Test session IDs against criteria such as their randomness, uniqueness, resistance to statistical and cryptographic analysis and information leakage.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:44.227Z", + "updated": "2021-06-29T11:05:44.227Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 50, + "fields": { + "category": 4, + "objective_number": "3.12", + "objective": "Verify that session IDs stored in cookies are scoped using the 'path' attribute; and have the 'HttpOnly' and 'Secure' cookie flags enabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:03.581Z", + "updated": "2021-06-29T11:06:03.581Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 51, + "fields": { + "category": 4, + "objective_number": "3.17", + "objective": "Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:26.772Z", + "updated": "2021-06-29T11:06:26.772Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 52, + "fields": { + "category": 4, + "objective_number": "3.18", + "objective": "Verify for high value applications that the user is prompted with the option to terminate all other active sessions after a successful change password process.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:53.011Z", + "updated": "2021-06-29T11:06:53.011Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 53, + "fields": { + "category": 5, + "objective_number": "4.1", + "objective": "Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:31.529Z", + "updated": "2021-06-29T11:09:31.529Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 54, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user's account).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:48.249Z", + "updated": "2021-06-29T11:09:48.249Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 55, + "fields": { + "category": 5, + "objective_number": "4.5", + "objective": "Verify that directory browsing is disabled unless deliberately desired. Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:05.314Z", + "updated": "2021-06-29T11:10:05.314Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 56, + "fields": { + "category": 5, + "objective_number": "4.8", + "objective": "Verify that access controls fail securely.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:23.333Z", + "updated": "2021-06-29T11:10:23.333Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 57, + "fields": { + "category": 5, + "objective_number": "4.9", + "objective": "Verify that the same access control rules implied by the presentation layer are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:44.662Z", + "updated": "2021-06-29T11:10:44.662Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 58, + "fields": { + "category": 5, + "objective_number": "4.10", + "objective": "Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:09.221Z", + "updated": "2021-06-29T11:11:09.221Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 59, + "fields": { + "category": 5, + "objective_number": "4.11", + "objective": "Verify that there is a centralized mechanism (including libraries that call external authorization services) for protecting access to each type of protected resource.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:27.195Z", + "updated": "2021-06-29T11:11:27.195Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 60, + "fields": { + "category": 5, + "objective_number": "4.12", + "objective": "Verify that all access control decisions can be logged and all failed decisions are logged.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:42.332Z", + "updated": "2021-06-29T11:11:42.332Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 61, + "fields": { + "category": 5, + "objective_number": "4.13", + "objective": "Verify that the application or framework uses strong random anti-CSRF tokens or has another transaction protection mechanism.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:15.969Z", + "updated": "2021-06-29T11:12:15.969Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 62, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify the system can protect against aggregate or continuous access of secured functions, resources, or data. For example, consider the use of a resource governor to limit the number of edits per hour or to prevent the entire database from being scraped by an individual user.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:31.357Z", + "updated": "2021-06-29T11:12:31.357Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 63, + "fields": { + "category": 5, + "objective_number": "4.15", + "objective": "Verify the application has additional authorization (such as step up or adaptive authentication) for lower value systems, and / or segregation of duties for high value applications to enforce anti-fraud controls as per the risk of application and past fraud.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:55.170Z", + "updated": "2021-06-29T11:12:55.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 64, + "fields": { + "category": 5, + "objective_number": "4.16", + "objective": "Verify that the application correctly enforces context-sensitive authorisation so as to not allow unauthorised manipulation by means of parameter tampering.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:13:13.009Z", + "updated": "2021-06-29T11:13:13.009Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 65, + "fields": { + "category": 6, + "objective_number": "5.3", + "objective": "Verify that server side input validation failures result in request rejection and are logged.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:19:50.413Z", + "updated": "2021-06-29T11:19:50.413Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 66, + "fields": { + "category": 6, + "objective_number": "5.5", + "objective": "Verify that input validation routines are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:14.088Z", + "updated": "2021-06-29T11:20:14.088Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 67, + "fields": { + "category": 6, + "objective_number": "5.6", + "objective": "Verify that a centralized input validation control mechanism is used by the application.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:34.745Z", + "updated": "2021-06-29T11:20:34.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 68, + "fields": { + "category": 6, + "objective_number": "5.10", + "objective": "Verify that all database queries are protected by the use of parameterized queries or proper ORM usage to avoid SQL injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:50.454Z", + "updated": "2021-06-29T11:20:50.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 69, + "fields": { + "category": 6, + "objective_number": "5.11", + "objective": "Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:06.964Z", + "updated": "2021-06-29T11:21:06.964Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 70, + "fields": { + "category": 6, + "objective_number": "5.12", + "objective": "Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:23.126Z", + "updated": "2021-06-29T11:21:23.126Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 71, + "fields": { + "category": 6, + "objective_number": "5.13", + "objective": "Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:40.437Z", + "updated": "2021-06-29T11:21:40.437Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 72, + "fields": { + "category": 6, + "objective_number": "5.14", + "objective": "Verify that the application is not susceptible XPath injection or XML injection attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:55.675Z", + "updated": "2021-06-29T11:21:55.675Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 73, + "fields": { + "category": 6, + "objective_number": "5.15", + "objective": "Verify that all string variables placed into HTML or other web client code are either properly contextually encoded manually, or utilize templates that automatically contextually encode to ensure the application is not susceptible to reflected, stored or DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:11.541Z", + "updated": "2021-06-29T11:22:11.541Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 74, + "fields": { + "category": 6, + "objective_number": "5.16", + "objective": "Verify that the application does not contain mass parameter assignment (AKA automatic variable binding) vulnerabilities.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:30.790Z", + "updated": "2021-06-29T11:22:30.790Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 75, + "fields": { + "category": 6, + "objective_number": "5.17", + "objective": "Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, environment, etc.)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:49.904Z", + "updated": "2021-06-29T11:22:49.904Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 76, + "fields": { + "category": 6, + "objective_number": "5.19", + "objective": "Verify that all input data is validated, not only HTML form fields but all sources of input such as REST calls, query parameters, HTTP headers, cookies, batch files, RSS feeds, etc; using positive validation (whitelisting), then lesser forms of validation such as grey listing (eliminating known bad strings), or rejecting bad inputs (blacklisting).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:23:08.013Z", + "updated": "2021-06-29T11:23:08.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 77, + "fields": { + "category": 6, + "objective_number": "5.20", + "objective": "Verify that structured data is strongly typed and validated against a defined schema including allowed characters, length and pattern (e.g. credit card numbers or telephone, or validating that two related fields are reasonable, such as validating suburbs and zip or post codes match).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:04.647Z", + "updated": "2021-06-29T11:26:04.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 78, + "fields": { + "category": 6, + "objective_number": "5.21", + "objective": "Verify that unstructured data is sanitized to enforce generic safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. natural names with Unicode or apostrophes, such as O'Hara)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:44.642Z", + "updated": "2021-06-29T11:26:44.642Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 79, + "fields": { + "category": 6, + "objective_number": "5.22", + "objective": "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:09.785Z", + "updated": "2021-06-29T11:27:09.785Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 80, + "fields": { + "category": 6, + "objective_number": "5.24", + "objective": "Verify that where data is transferred from one DOM context to another, the transfer uses safe JavaScript methods, such as using innerText or .val to ensure the application is not susceptible to DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:28.549Z", + "updated": "2021-06-29T11:27:28.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 81, + "fields": { + "category": 6, + "objective_number": "5.25", + "objective": "Verify when parsing JSON in browsers or JavaScript based backends, that JSON.parse is used to parse the JSON document. Do not use eval() to parse JSON.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:44.629Z", + "updated": "2021-06-29T11:27:44.629Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 82, + "fields": { + "category": 6, + "objective_number": "5.27", + "objective": "Verify the application for Server Side Request Forgery vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:10.149Z", + "updated": "2021-06-29T11:28:10.149Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 83, + "fields": { + "category": 6, + "objective_number": "5.28", + "objective": "Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and to ensure that dangerous features such as resolving external entities are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:30.927Z", + "updated": "2021-06-29T11:28:30.927Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 84, + "fields": { + "category": 6, + "objective_number": "5.29", + "objective": "Verify that deserialization of untrusted data is avoided or is extensively protected when deserialization cannot be avoided.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:49.023Z", + "updated": "2021-06-29T11:28:49.023Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 85, + "fields": { + "category": 1, + "objective_number": "7.8", + "objective": "Verify that cryptographic modules operate in their approved mode according to their published security policies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:30:40.745Z", + "updated": "2021-06-29T11:30:40.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 86, + "fields": { + "category": 1, + "objective_number": "7.9", + "objective": "Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:34.511Z", + "updated": "2021-06-29T11:31:34.511Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 87, + "fields": { + "category": 1, + "objective_number": "7.11", + "objective": "Verify that all consumers of cryptographic services do not have direct access to key material. Isolate cryptographic processes, including master secrets and consider the use of a virtualized or physical hardware key vault (HSM).", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:55.623Z", + "updated": "2021-06-29T11:31:55.623Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 88, + "fields": { + "category": 1, + "objective_number": "7.12", + "objective": "Verify that Personally Identifiable Information (PII) and other sensitive data is stored encrypted while at rest.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:13.340Z", + "updated": "2021-06-29T11:32:13.340Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 89, + "fields": { + "category": 1, + "objective_number": "7.13", + "objective": "Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:44.415Z", + "updated": "2021-06-29T11:32:44.415Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 90, + "fields": { + "category": 1, + "objective_number": "7.14", + "objective": "Verify that all keys and passwords are replaceable, and are generated or replaced at installation time.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:33:57.883Z", + "updated": "2021-06-29T11:33:57.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 91, + "fields": { + "category": 1, + "objective_number": "7.15", + "objective": "Verify that random numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:34:17.766Z", + "updated": "2021-06-29T11:34:17.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 92, + "fields": { + "category": 7, + "objective_number": "8.1", + "objective": "Verify that the application does not output error messages or stack traces containing sensitive data that could assist an attacker, including session id, software/framework versions and personal information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:36.883Z", + "updated": "2021-06-29T11:36:36.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 93, + "fields": { + "category": 7, + "objective_number": "8.2", + "objective": "Verify that error handling logic in security controls denies access by default.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:58.013Z", + "updated": "2021-06-29T11:36:58.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 94, + "fields": { + "category": 7, + "objective_number": "8.3", + "objective": "Verify security logging controls provide the ability to log success and particularly failure events that are identified as security-relevant.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:27.487Z", + "updated": "2021-06-29T11:44:27.487Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 95, + "fields": { + "category": 7, + "objective_number": "8.4", + "objective": "Verify that each log event includes necessary information that would allow for a detailed investigation of the timeline when an event happens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:46.451Z", + "updated": "2021-06-29T11:44:46.451Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 96, + "fields": { + "category": 7, + "objective_number": "8.5", + "objective": "Verify that all events that include untrusted data will not execute as code in the intended log viewing software.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:02.199Z", + "updated": "2021-06-29T11:45:02.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 97, + "fields": { + "category": 7, + "objective_number": "8.6", + "objective": "Verify that security logs are protected from unauthorized access and modification.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:22.653Z", + "updated": "2021-06-29T11:45:22.653Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 98, + "fields": { + "category": 7, + "objective_number": "8.7", + "objective": "Verify that the application does not log sensitive data as defined under local privacy laws or regulations, organizational sensitive data as defined by a risk assessment, or sensitive authentication data that could assist an attacker, including user's session identifiers, passwords, hashes, or API tokens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:49.298Z", + "updated": "2021-06-29T11:45:49.298Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 99, + "fields": { + "category": 7, + "objective_number": "8.8", + "objective": "Verify that all non-printable symbols and field separators are properly encoded in log entries, to prevent log injection.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:04.125Z", + "updated": "2021-06-29T11:46:04.125Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 100, + "fields": { + "category": 7, + "objective_number": "8.9", + "objective": "Verify that log fields from trusted and untrusted sources are distinguishable in log entries.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:26.650Z", + "updated": "2021-06-29T11:46:26.650Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 101, + "fields": { + "category": 7, + "objective_number": "8.10", + "objective": "Verify that an audit log or similar allows for non-repudiation of key transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:45.582Z", + "updated": "2021-06-29T11:46:45.582Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 102, + "fields": { + "category": 7, + "objective_number": "8.11", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:02.190Z", + "updated": "2021-06-29T11:47:02.190Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 103, + "fields": { + "category": 7, + "objective_number": "8.12", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:46.283Z", + "updated": "2021-06-29T11:47:46.283Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 104, + "fields": { + "category": 7, + "objective_number": "8.13", + "objective": "Verify that time sources are synchronized to the correct time and time zone.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:48:05.620Z", + "updated": "2021-06-29T11:48:05.620Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 105, + "fields": { + "category": 8, + "objective_number": "9.1", + "objective": "Verify that all forms containing sensitive information have disabled client side caching, including autocomplete features.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:19.688Z", + "updated": "2021-06-29T12:25:19.688Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 106, + "fields": { + "category": 8, + "objective_number": "9.2", + "objective": "Verify that the list of sensitive data processed by the application is identified, and that there is an explicit policy for how access to this data must be controlled, encrypted and enforced under relevant data protection directives.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:40.315Z", + "updated": "2021-06-29T12:25:40.315Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 107, + "fields": { + "category": 8, + "objective_number": "9.3", + "objective": "Verify that all sensitive data is sent to the server in the HTTP message body or headers (i.e., URL parameters are never used to send sensitive data).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:56.919Z", + "updated": "2021-06-29T12:25:56.919Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 108, + "fields": { + "category": 8, + "objective_number": "9.4", + "objective": "Verify that the application sets sufficient anti-caching headers such that any sensitive and personal information displayed by the application or entered by the user should not be cached on disk by mainstream modern browsers (e.g. visit about:cache to review disk cache).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:14.205Z", + "updated": "2021-06-29T12:26:14.205Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 109, + "fields": { + "category": 8, + "objective_number": "9.5", + "objective": "Verify that on the server, all cached or temporary copies of sensitive data stored are protected from unauthorized access or purged/invalidated after the authorized user accesses the sensitive data.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:30.429Z", + "updated": "2021-06-29T12:26:30.429Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 110, + "fields": { + "category": 8, + "objective_number": "9.6", + "objective": "Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:45.509Z", + "updated": "2021-06-29T12:26:45.509Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 111, + "fields": { + "category": 8, + "objective_number": "9.7", + "objective": "Verify the application minimizes the number of parameters in a request, such as hidden fields, Ajax variables, cookies and header values.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:04.786Z", + "updated": "2021-06-29T12:27:04.786Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 112, + "fields": { + "category": 8, + "objective_number": "9.8", + "objective": "Verify the application has the ability to detect and alert on abnormal numbers of requests for data harvesting for an example screen scraping.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:20.007Z", + "updated": "2021-06-29T12:27:20.007Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 113, + "fields": { + "category": 8, + "objective_number": "9.9", + "objective": "Verify that data stored in client side storage (such as HTML5 local storage, session storage, IndexedDB, regular cookies or Flash cookies) does not contain sensitive data or PII.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:37.137Z", + "updated": "2021-06-29T12:27:37.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 114, + "fields": { + "category": 8, + "objective_number": "9.10", + "objective": "Verify accessing sensitive data is logged, if the data is collected under relevant data protection directives or where logging of accesses is required.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:01.849Z", + "updated": "2021-06-29T12:28:01.849Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 115, + "fields": { + "category": 8, + "objective_number": "9.11", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:19.464Z", + "updated": "2021-06-29T12:28:19.464Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 116, + "fields": { + "category": 8, + "objective_number": "9.14", + "objective": "Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:36.368Z", + "updated": "2021-06-29T12:28:36.368Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 117, + "fields": { + "category": 9, + "objective_number": "10.1", + "objective": "Verify that a path can be built from a trusted CA to each Transport Layer Security (TLS) server certificate, and that each server certificate is valid.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:57:51.724Z", + "updated": "2021-06-29T17:57:51.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 118, + "fields": { + "category": 9, + "objective_number": "10.2", + "objective": "Verify that TLS is used for all connections (including both external and backend connections) that are authenticated or that involve sensitive data or functions, and does not fall back to insecure or unencrypted protocols. Ensure the strongest alternative is the preferred algorithm.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:08.701Z", + "updated": "2021-06-29T17:58:08.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 119, + "fields": { + "category": 9, + "objective_number": "10.3", + "objective": "Verify that backend TLS connection failures are logged.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:43.008Z", + "updated": "2021-06-29T17:58:43.008Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 120, + "fields": { + "category": 9, + "objective_number": "10.4", + "objective": "Verify that certificate paths are built and verified for all client certificates using configured trust anchors and revocation information.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:00.835Z", + "updated": "2021-06-29T17:59:00.835Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 121, + "fields": { + "category": 9, + "objective_number": "10.5", + "objective": "Verify that all connections to external systems that involve sensitive information or functions are authenticated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:17.563Z", + "updated": "2021-06-29T17:59:17.563Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 122, + "fields": { + "category": 9, + "objective_number": "10.6", + "objective": "Verify that there is a single standard TLS implementation that is used by the application that is configured to operate in an approved mode of operation.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:33.860Z", + "updated": "2021-06-29T17:59:33.860Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 123, + "fields": { + "category": 9, + "objective_number": "10.7", + "objective": "Verify that TLS certificate public key pinning (HPKP) is implemented with production and backup public keys. For more information, please see the references below.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:57.308Z", + "updated": "2021-06-29T17:59:57.308Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 124, + "fields": { + "category": 9, + "objective_number": "10.8", + "objective": "Verify that HTTP Strict Transport Security headers are included on all requests and for all subdomains, such as Strict-Transport-Security: max-age=15724800; includeSubdomains", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:23.218Z", + "updated": "2021-06-29T18:00:23.218Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 125, + "fields": { + "category": 9, + "objective_number": "10.9", + "objective": "Verify that production website URL has been submitted to preloaded list of Strict Transport Security domains maintained by web browser vendors. Please see the references below.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:46.523Z", + "updated": "2021-06-29T18:00:46.523Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 126, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that perfect forward secrecy is configured to mitigate passive attackers recording traffic.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:11.667Z", + "updated": "2021-06-29T18:01:11.667Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 127, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:31.481Z", + "updated": "2021-06-29T18:01:31.481Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 128, + "fields": { + "category": 9, + "objective_number": "10.13", + "objective": "Verify that only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates of your selected certifying authority.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:46.036Z", + "updated": "2021-06-29T18:01:46.036Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 129, + "fields": { + "category": 9, + "objective_number": "10.14", + "objective": "Verify that the TLS settings are in line with current leading practice, particularly as common configurations, ciphers, and algorithms become insecure.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:02:06.170Z", + "updated": "2021-06-29T18:02:06.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 130, + "fields": { + "category": 10, + "objective_number": "13.1", + "objective": "Verify all malicious activity is adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:11:51.230Z", + "updated": "2021-06-29T18:11:51.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 131, + "fields": { + "category": 10, + "objective_number": "13.2", + "objective": "Verify that the application source code, and as many third party libraries as possible, does not contain back doors, Easter eggs, and logic flaws in authentication, access control, input validation, and the business logic of high value transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:12:07.933Z", + "updated": "2021-06-29T18:12:07.933Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 132, + "fields": { + "category": 11, + "objective_number": "15.1", + "objective": "Verify the application will only process business logic flows in sequential step order, with all steps being processed in realistic human time, and not process out of order, skipped steps, process steps from another user, or too quickly submitted transactions.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:19.422Z", + "updated": "2021-06-29T18:14:19.422Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 133, + "fields": { + "category": 11, + "objective_number": "15.2", + "objective": "Verify the application has business limits and correctly enforces on a per user basis, with configurable alerting and automated reactions to automated or unusual attack.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:36.697Z", + "updated": "2021-06-29T18:14:36.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 134, + "fields": { + "category": 12, + "objective_number": "16.1", + "objective": "Verify that URL redirects and forwards only allow whitelisted destinations, or show a warning when redirecting to potentially untrusted content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:27.533Z", + "updated": "2021-06-29T18:26:27.533Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 135, + "fields": { + "category": 12, + "objective_number": "16.2", + "objective": "Verify that untrusted file data submitted to the application is not used directly with file I/O commands, particularly to protect against path traversal, local file include, file mime type, reflective file download, and OS command injection vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:43.732Z", + "updated": "2021-06-29T18:26:43.732Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 136, + "fields": { + "category": 12, + "objective_number": "16.3", + "objective": "Verify that files obtained from untrusted sources are validated to be of expected type and scanned by antivirus scanners to prevent upload of known malicious content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:27:09.137Z", + "updated": "2021-06-29T18:27:09.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 137, + "fields": { + "category": 12, + "objective_number": "16.4", + "objective": "Verify that untrusted data is not used within inclusion, class loader, or reflection capabilities to prevent remote/local code execution vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:28.123Z", + "updated": "2021-06-29T18:29:28.123Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 138, + "fields": { + "category": 12, + "objective_number": "16.5", + "objective": "Verify that untrusted data is not used within cross-domain resource sharing (CORS) to protect against arbitrary remote content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:48.225Z", + "updated": "2021-06-29T18:29:48.225Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 139, + "fields": { + "category": 12, + "objective_number": "16.6", + "objective": "Verify that files obtained from untrusted sources are stored outside the webroot, with limited permissions, preferably with strong validation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:05.507Z", + "updated": "2021-06-29T18:30:05.507Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 140, + "fields": { + "category": 12, + "objective_number": "16.7", + "objective": "Verify that the web or application server is configured by default to deny access to remote resources or systems outside the web or application server.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:24.537Z", + "updated": "2021-06-29T18:30:24.537Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 141, + "fields": { + "category": 12, + "objective_number": "16.8", + "objective": "Verify the application code does not execute uploaded data obtained from untrusted sources.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:41.998Z", + "updated": "2021-06-29T18:30:41.998Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 142, + "fields": { + "category": 12, + "objective_number": "16.9", + "objective": "Verify that unsupported, insecure or deprecated client-side technologies are not used, such as NSAPI plugins, Flash, Shockwave, Active-X, Silverlight, NACL, or client-side Java applets.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:57.916Z", + "updated": "2021-06-29T18:30:57.916Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 143, + "fields": { + "category": 12, + "objective_number": "16.10", + "objective": "Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header does not simply reflect the request's origin header or support the \"null\" origin.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:31:14.337Z", + "updated": "2021-06-29T18:31:14.337Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 144, + "fields": { + "category": 15, + "objective_number": "20.1", + "objective": "Verify that application layer debugging interfaces such USB or serial are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:00.289Z", + "updated": "2021-06-30T03:30:00.289Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 145, + "fields": { + "category": 15, + "objective_number": "20.2", + "objective": "Verify that cryptographic keys are unique to each individual device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:19.974Z", + "updated": "2021-06-30T03:30:19.974Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 146, + "fields": { + "category": 15, + "objective_number": "20.3", + "objective": "Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:34.796Z", + "updated": "2021-06-30T03:30:34.796Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 147, + "fields": { + "category": 15, + "objective_number": "20.4", + "objective": "Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:55.266Z", + "updated": "2021-06-30T03:30:55.266Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 148, + "fields": { + "category": 15, + "objective_number": "20.5", + "objective": "Verify that physical debug headers are not present on the device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:31:42.393Z", + "updated": "2021-06-30T03:31:42.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 149, + "fields": { + "category": 15, + "objective_number": "20.6", + "objective": "Verify that sensitive data is not stored unencrypted on the device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:01.534Z", + "updated": "2021-06-30T03:32:01.534Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 150, + "fields": { + "category": 15, + "objective_number": "20.7", + "objective": "Verify that the device prevents leaking of sensitive information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:22.208Z", + "updated": "2021-06-30T03:32:22.208Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 151, + "fields": { + "category": 15, + "objective_number": "20.8", + "objective": "Verify that the firmware apps protect data-in-transit using transport security.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:56.382Z", + "updated": "2021-06-30T03:32:56.382Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 152, + "fields": { + "category": 15, + "objective_number": "20.9", + "objective": "Verify that the firmware apps validate the digital signature of server connections.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:18.948Z", + "updated": "2021-06-30T03:33:18.948Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 153, + "fields": { + "category": 15, + "objective_number": "20.10", + "objective": "Verify that wireless communications are mutually authenticated.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:40.069Z", + "updated": "2021-06-30T03:33:40.069Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 154, + "fields": { + "category": 15, + "objective_number": "20.11", + "objective": "Verify that wireless communications are sent over an encrypted channel.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:00.224Z", + "updated": "2021-06-30T03:34:00.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 155, + "fields": { + "category": 15, + "objective_number": "20.12", + "objective": "Verify that the firmware apps pin the digital signature to a trusted server(s).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:16.802Z", + "updated": "2021-06-30T03:34:16.802Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 156, + "fields": { + "category": 15, + "objective_number": "20.13", + "objective": "Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:36.393Z", + "updated": "2021-06-30T03:34:36.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 157, + "fields": { + "category": 15, + "objective_number": "20.14", + "objective": "Verify that identifying markings on chips have been removed.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:08.498Z", + "updated": "2021-06-30T03:35:08.498Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 158, + "fields": { + "category": 15, + "objective_number": "20.15", + "objective": "Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:24.271Z", + "updated": "2021-06-30T03:35:24.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 159, + "fields": { + "category": 15, + "objective_number": "20.16", + "objective": "Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:45.152Z", + "updated": "2021-06-30T03:35:45.152Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 160, + "fields": { + "category": 15, + "objective_number": "20.17", + "objective": "Verify the device validates the boot image signature before loading.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:02.979Z", + "updated": "2021-06-30T03:36:02.979Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 161, + "fields": { + "category": 15, + "objective_number": "20.18", + "objective": "Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:19.093Z", + "updated": "2021-06-30T03:36:19.093Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 162, + "fields": { + "category": 15, + "objective_number": "20.19", + "objective": "Verify the device uses code signing and validates firmware upgrade files before installing.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:34.926Z", + "updated": "2021-06-30T03:36:34.926Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 163, + "fields": { + "category": 15, + "objective_number": "20.20", + "objective": "Verify that the device cannot be downgraded to old versions of valid firmware.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:52.972Z", + "updated": "2021-06-30T03:36:52.972Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 164, + "fields": { + "category": 15, + "objective_number": "20.21", + "objective": "Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:09.554Z", + "updated": "2021-06-30T03:37:09.554Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 165, + "fields": { + "category": 15, + "objective_number": "20.22", + "objective": "Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:31.703Z", + "updated": "2021-06-30T03:37:31.703Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 166, + "fields": { + "category": 15, + "objective_number": "20.23", + "objective": "Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:43.128Z", + "updated": "2021-06-30T03:37:43.128Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 167, + "fields": { + "category": 15, + "objective_number": "20.24", + "objective": "Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:57.432Z", + "updated": "2021-06-30T03:37:57.432Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 168, + "fields": { + "category": 15, + "objective_number": "20.25", + "objective": "Verify that sensitive traces are not exposed to outer layers of the printed circuit board.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:10.177Z", + "updated": "2021-06-30T03:38:10.177Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 169, + "fields": { + "category": 15, + "objective_number": "20.26", + "objective": "Verify that inter-chip communication is encrypted.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:22.674Z", + "updated": "2021-06-30T03:38:22.674Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 170, + "fields": { + "category": 15, + "objective_number": "20.27", + "objective": "Verify the device uses code signing and validates code before execution.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:35.542Z", + "updated": "2021-06-30T03:38:35.542Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 171, + "fields": { + "category": 15, + "objective_number": "20.27", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:53.380Z", + "updated": "2021-06-30T03:38:53.380Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 172, + "fields": { + "category": 15, + "objective_number": "20.29", + "objective": "Verify that the firmware apps utilize kernel containers for isolation between apps.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:39:11.285Z", + "updated": "2021-06-30T03:39:11.285Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 173, + "fields": { + "category": 14, + "objective_number": "19.1", + "objective": "Verify that all components are up to date with proper security configuration(s) and version(s). This should include removal of unneeded configurations and folders such as sample applications, platform documentation, and default or example users.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:31.397Z", + "updated": "2021-06-30T03:46:31.397Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 174, + "fields": { + "category": 14, + "objective_number": "19.2", + "objective": "Verify that communications between components, such as between the application server and the database server, are encrypted, particularly when the components are in different containers or on different systems.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:49.459Z", + "updated": "2021-06-30T03:46:49.459Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 175, + "fields": { + "category": 14, + "objective_number": "19.3", + "objective": "Verify that communications between components, such as between the application server and the database server, is authenticated using an account with the least necessary privileges.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:06.199Z", + "updated": "2021-06-30T03:47:06.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 176, + "fields": { + "category": 14, + "objective_number": "19.4", + "objective": "Verify application deployments are adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:28.491Z", + "updated": "2021-06-30T03:47:28.491Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 177, + "fields": { + "category": 14, + "objective_number": "19.5", + "objective": "Verify that the application build and deployment processes are performed in a secure and repeatable method, such as CI / CD automation and automated configuration management.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:11.230Z", + "updated": "2021-06-30T03:49:11.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 178, + "fields": { + "category": 14, + "objective_number": "19.6", + "objective": "Verify that authorised administrators have the capability to verify the integrity of all security-relevant configurations to detect tampering.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:30.929Z", + "updated": "2021-06-30T03:49:30.929Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 179, + "fields": { + "category": 14, + "objective_number": "19.7", + "objective": "Verify that all application components are signed.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:47.862Z", + "updated": "2021-06-30T03:49:47.863Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 180, + "fields": { + "category": 14, + "objective_number": "19.8", + "objective": "Verify that third party components come from trusted repositories.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:05.648Z", + "updated": "2021-06-30T03:50:05.648Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 181, + "fields": { + "category": 14, + "objective_number": "19.9", + "objective": "Verify that build processes for system level languages have all security flags enabled, such as ASLR, DEP, and security checks.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:24.752Z", + "updated": "2021-06-30T03:50:24.752Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 182, + "fields": { + "category": 14, + "objective_number": "19.10", + "objective": "Verify that all application assets are hosted by the application, such as JavaScript libraries, CSS stylesheets and web fonts are hosted by the application rather than rely on a CDN or external provider.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:41.104Z", + "updated": "2021-06-30T03:50:41.104Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 183, + "fields": { + "category": 14, + "objective_number": "19.11", + "objective": "Verify that all application components, services, and servers each use their own low privilege service account, that is not shared between applications nor used by administrators.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:57.938Z", + "updated": "2021-06-30T03:50:57.938Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 184, + "fields": { + "category": 13, + "objective_number": "18.1", + "objective": "Verify that the same encoding style is used between the client and the server.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:40.222Z", + "updated": "2021-06-30T03:51:40.222Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 185, + "fields": { + "category": 13, + "objective_number": "18.2", + "objective": "Verify that access to administration and management functions within the Web Service Application is limited to web service administrators.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:56.603Z", + "updated": "2021-06-30T03:51:56.603Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 186, + "fields": { + "category": 13, + "objective_number": "18.3", + "objective": "Verify that XML or JSON schema is in place and verified before accepting input.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:19.697Z", + "updated": "2021-06-30T03:52:19.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 187, + "fields": { + "category": 13, + "objective_number": "18.4", + "objective": "Verify that all input is limited to an appropriate size limit.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:36.709Z", + "updated": "2021-06-30T03:52:36.710Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 188, + "fields": { + "category": 13, + "objective_number": "18.5", + "objective": "Verify that SOAP based web services are compliant with Web Services-Interoperability (WS-I) Basic Profile at minimum. This essentially means TLS encryption.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:55.113Z", + "updated": "2021-06-30T03:52:55.113Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 189, + "fields": { + "category": 13, + "objective_number": "18.7", + "objective": "Verify that the REST service is protected from Cross-Site Request Forgery via the use of at least one or more of the following: double submit cookie pattern, CSRF nonces, ORIGIN request header checks, and referrer request header checks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:15.663Z", + "updated": "2021-06-30T03:53:15.663Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 190, + "fields": { + "category": 13, + "objective_number": "18.8", + "objective": "Verify the REST service explicitly check the incoming Content-Type to be the expected one, such as application/xml or application/json.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:34.549Z", + "updated": "2021-06-30T03:53:34.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 191, + "fields": { + "category": 13, + "objective_number": "18.9", + "objective": "Verify that the message payload is signed to ensure reliable transport between client and service, using JSON Web Signing or WS-Security for SOAP requests.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:54.736Z", + "updated": "2021-06-30T03:53:54.736Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 192, + "fields": { + "category": 13, + "objective_number": "18.10", + "objective": "Verify that alternative and less secure access paths do not exist.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:54:23.078Z", + "updated": "2021-06-30T03:54:23.078Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 1, + "fields": { + "product": 1, + "control": 144, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 2, + "fields": { + "product": 1, + "control": 145, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 3, + "fields": { + "product": 1, + "control": 146, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 4, + "fields": { + "product": 1, + "control": 147, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 5, + "fields": { + "product": 1, + "control": 148, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 6, + "fields": { + "product": 1, + "control": 149, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 7, + "fields": { + "product": 1, + "control": 150, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 8, + "fields": { + "product": 1, + "control": 151, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 9, + "fields": { + "product": 1, + "control": 152, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 10, + "fields": { + "product": 1, + "control": 153, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 11, + "fields": { + "product": 1, + "control": 154, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 12, + "fields": { + "product": 1, + "control": 155, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 13, + "fields": { + "product": 1, + "control": 156, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 14, + "fields": { + "product": 1, + "control": 157, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 15, + "fields": { + "product": 1, + "control": 158, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 16, + "fields": { + "product": 1, + "control": 159, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 17, + "fields": { + "product": 1, + "control": 160, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 18, + "fields": { + "product": 1, + "control": 161, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 19, + "fields": { + "product": 1, + "control": 162, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 20, + "fields": { + "product": 1, + "control": 163, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 21, + "fields": { + "product": 1, + "control": 164, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 22, + "fields": { + "product": 1, + "control": 165, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 23, + "fields": { + "product": 1, + "control": 166, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 24, + "fields": { + "product": 1, + "control": 167, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 25, + "fields": { + "product": 1, + "control": 168, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 26, + "fields": { + "product": 1, + "control": 169, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 27, + "fields": { + "product": 1, + "control": 170, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 28, + "fields": { + "product": 1, + "control": 171, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 29, + "fields": { + "product": 1, + "control": 172, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 30, + "fields": { + "product": 1, + "control": 173, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 31, + "fields": { + "product": 1, + "control": 174, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 32, + "fields": { + "product": 1, + "control": 175, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 33, + "fields": { + "product": 1, + "control": 176, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 34, + "fields": { + "product": 1, + "control": 177, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 35, + "fields": { + "product": 1, + "control": 178, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 36, + "fields": { + "product": 1, + "control": 179, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 37, + "fields": { + "product": 1, + "control": 180, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 38, + "fields": { + "product": 1, + "control": 181, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 39, + "fields": { + "product": 1, + "control": 182, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 40, + "fields": { + "product": 1, + "control": 183, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 41, + "fields": { + "product": 1, + "control": 184, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 42, + "fields": { + "product": 1, + "control": 185, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 43, + "fields": { + "product": 1, + "control": 186, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 44, + "fields": { + "product": 1, + "control": 187, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 45, + "fields": { + "product": 1, + "control": 188, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 46, + "fields": { + "product": 1, + "control": 189, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 47, + "fields": { + "product": 1, + "control": 190, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 48, + "fields": { + "product": 1, + "control": 191, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 49, + "fields": { + "product": 1, + "control": 192, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 50, + "fields": { + "product": 1, + "control": 134, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 51, + "fields": { + "product": 1, + "control": 135, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 52, + "fields": { + "product": 1, + "control": 136, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 53, + "fields": { + "product": 1, + "control": 137, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 54, + "fields": { + "product": 1, + "control": 138, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 55, + "fields": { + "product": 1, + "control": 139, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 56, + "fields": { + "product": 1, + "control": 140, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 57, + "fields": { + "product": 1, + "control": 141, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 58, + "fields": { + "product": 1, + "control": 142, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 59, + "fields": { + "product": 1, + "control": 143, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 60, + "fields": { + "product": 1, + "control": 132, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 61, + "fields": { + "product": 1, + "control": 133, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 62, + "fields": { + "product": 1, + "control": 130, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 63, + "fields": { + "product": 1, + "control": 131, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 64, + "fields": { + "product": 1, + "control": 117, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 65, + "fields": { + "product": 1, + "control": 118, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 66, + "fields": { + "product": 1, + "control": 119, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 67, + "fields": { + "product": 1, + "control": 120, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 68, + "fields": { + "product": 1, + "control": 121, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 69, + "fields": { + "product": 1, + "control": 122, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 70, + "fields": { + "product": 1, + "control": 123, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 71, + "fields": { + "product": 1, + "control": 124, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 72, + "fields": { + "product": 1, + "control": 125, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 73, + "fields": { + "product": 1, + "control": 126, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 74, + "fields": { + "product": 1, + "control": 127, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 75, + "fields": { + "product": 1, + "control": 128, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 76, + "fields": { + "product": 1, + "control": 129, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 77, + "fields": { + "product": 1, + "control": 110, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 78, + "fields": { + "product": 1, + "control": 105, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 79, + "fields": { + "product": 1, + "control": 106, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 80, + "fields": { + "product": 1, + "control": 107, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 81, + "fields": { + "product": 1, + "control": 108, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 82, + "fields": { + "product": 1, + "control": 109, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 83, + "fields": { + "product": 1, + "control": 111, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 84, + "fields": { + "product": 1, + "control": 112, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 85, + "fields": { + "product": 1, + "control": 113, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 86, + "fields": { + "product": 1, + "control": 114, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 87, + "fields": { + "product": 1, + "control": 115, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 88, + "fields": { + "product": 1, + "control": 116, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 89, + "fields": { + "product": 1, + "control": 92, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 90, + "fields": { + "product": 1, + "control": 93, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 91, + "fields": { + "product": 1, + "control": 94, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 92, + "fields": { + "product": 1, + "control": 95, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 93, + "fields": { + "product": 1, + "control": 96, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 94, + "fields": { + "product": 1, + "control": 97, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 95, + "fields": { + "product": 1, + "control": 98, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 96, + "fields": { + "product": 1, + "control": 99, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 97, + "fields": { + "product": 1, + "control": 100, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 98, + "fields": { + "product": 1, + "control": 101, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 99, + "fields": { + "product": 1, + "control": 102, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 100, + "fields": { + "product": 1, + "control": 103, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 101, + "fields": { + "product": 1, + "control": 104, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 102, + "fields": { + "product": 1, + "control": 65, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 103, + "fields": { + "product": 1, + "control": 66, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 104, + "fields": { + "product": 1, + "control": 67, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 105, + "fields": { + "product": 1, + "control": 68, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 106, + "fields": { + "product": 1, + "control": 69, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 107, + "fields": { + "product": 1, + "control": 70, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 108, + "fields": { + "product": 1, + "control": 71, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 109, + "fields": { + "product": 1, + "control": 72, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 110, + "fields": { + "product": 1, + "control": 73, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 111, + "fields": { + "product": 1, + "control": 74, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 112, + "fields": { + "product": 1, + "control": 75, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 113, + "fields": { + "product": 1, + "control": 76, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 114, + "fields": { + "product": 1, + "control": 77, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 115, + "fields": { + "product": 1, + "control": 78, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 116, + "fields": { + "product": 1, + "control": 79, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 117, + "fields": { + "product": 1, + "control": 80, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 118, + "fields": { + "product": 1, + "control": 81, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 119, + "fields": { + "product": 1, + "control": 82, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 120, + "fields": { + "product": 1, + "control": 83, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 121, + "fields": { + "product": 1, + "control": 84, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 122, + "fields": { + "product": 1, + "control": 53, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 123, + "fields": { + "product": 1, + "control": 54, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 124, + "fields": { + "product": 1, + "control": 55, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 125, + "fields": { + "product": 1, + "control": 56, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 126, + "fields": { + "product": 1, + "control": 57, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 127, + "fields": { + "product": 1, + "control": 58, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 128, + "fields": { + "product": 1, + "control": 59, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 129, + "fields": { + "product": 1, + "control": 60, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 130, + "fields": { + "product": 1, + "control": 61, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 131, + "fields": { + "product": 1, + "control": 62, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 132, + "fields": { + "product": 1, + "control": 63, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 133, + "fields": { + "product": 1, + "control": 64, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 134, + "fields": { + "product": 1, + "control": 42, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 135, + "fields": { + "product": 1, + "control": 43, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 136, + "fields": { + "product": 1, + "control": 44, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 137, + "fields": { + "product": 1, + "control": 45, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 138, + "fields": { + "product": 1, + "control": 46, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 139, + "fields": { + "product": 1, + "control": 47, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 140, + "fields": { + "product": 1, + "control": 48, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 141, + "fields": { + "product": 1, + "control": 49, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 142, + "fields": { + "product": 1, + "control": 50, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 143, + "fields": { + "product": 1, + "control": 51, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 144, + "fields": { + "product": 1, + "control": 52, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 145, + "fields": { + "product": 1, + "control": 5, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 146, + "fields": { + "product": 1, + "control": 6, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 147, + "fields": { + "product": 1, + "control": 7, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 148, + "fields": { + "product": 1, + "control": 8, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 149, + "fields": { + "product": 1, + "control": 9, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 150, + "fields": { + "product": 1, + "control": 11, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 151, + "fields": { + "product": 1, + "control": 12, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 152, + "fields": { + "product": 1, + "control": 13, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 153, + "fields": { + "product": 1, + "control": 14, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 154, + "fields": { + "product": 1, + "control": 15, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 155, + "fields": { + "product": 1, + "control": 16, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 156, + "fields": { + "product": 1, + "control": 17, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 157, + "fields": { + "product": 1, + "control": 4, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 158, + "fields": { + "product": 1, + "control": 18, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 159, + "fields": { + "product": 1, + "control": 19, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 160, + "fields": { + "product": 1, + "control": 20, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 161, + "fields": { + "product": 1, + "control": 21, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 162, + "fields": { + "product": 1, + "control": 22, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 163, + "fields": { + "product": 1, + "control": 23, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 164, + "fields": { + "product": 1, + "control": 24, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 165, + "fields": { + "product": 1, + "control": 25, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 166, + "fields": { + "product": 1, + "control": 26, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 167, + "fields": { + "product": 1, + "control": 27, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 168, + "fields": { + "product": 1, + "control": 28, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 169, + "fields": { + "product": 1, + "control": 29, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 170, + "fields": { + "product": 1, + "control": 30, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 171, + "fields": { + "product": 1, + "control": 31, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 172, + "fields": { + "product": 1, + "control": 32, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 173, + "fields": { + "product": 1, + "control": 33, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 174, + "fields": { + "product": 1, + "control": 34, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 175, + "fields": { + "product": 1, + "control": 35, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 176, + "fields": { + "product": 1, + "control": 36, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 177, + "fields": { + "product": 1, + "control": 37, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 178, + "fields": { + "product": 1, + "control": 38, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 179, + "fields": { + "product": 1, + "control": 39, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 180, + "fields": { + "product": 1, + "control": 40, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 181, + "fields": { + "product": 1, + "control": 41, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 182, + "fields": { + "product": 1, + "control": 1, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 183, + "fields": { + "product": 1, + "control": 2, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 184, + "fields": { + "product": 1, + "control": 3, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 185, + "fields": { + "product": 1, + "control": 85, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 186, + "fields": { + "product": 1, + "control": 86, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 187, + "fields": { + "product": 1, + "control": 87, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 188, + "fields": { + "product": 1, + "control": 88, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 189, + "fields": { + "product": 1, + "control": 89, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 190, + "fields": { + "product": 1, + "control": 90, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 191, + "fields": { + "product": 1, + "control": 91, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product_summary", + "pk": 1, + "fields": { + "product": 1, + "benchmark_type": 1, + "desired_level": "Level 1", + "current_level": "None", + "asvs_level_1_benchmark": 83, + "asvs_level_1_score": 6, + "asvs_level_2_benchmark": 73, + "asvs_level_2_score": 0, + "asvs_level_3_benchmark": 35, + "asvs_level_3_score": 0, + "publish": false, + "created": "2021-11-04T08:22:00.291Z", + "updated": "2021-11-04T08:22:00.291Z" + } +}, +{ + "model": "dojo.question", + "pk": 3, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:16Z", + "modified": "2018-06-17T19:31:16Z", + "order": 1, + "optional": false, + "text": "What kind of infrastructure will you be using (cloud servers, load balancers, dedicated hardware, etc)?" + } +}, +{ + "model": "dojo.question", + "pk": 4, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:30Z", + "modified": "2018-06-17T19:31:30Z", + "order": 1, + "optional": false, + "text": "Will there be a staging/pre-prod environment?" + } +}, +{ + "model": "dojo.question", + "pk": 5, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:45Z", + "modified": "2018-06-17T19:31:45Z", + "order": 1, + "optional": false, + "text": "How many servers/regions will be used for production?" + } +}, +{ + "model": "dojo.question", + "pk": 6, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:52:57Z", + "modified": "2018-06-17T19:52:57Z", + "order": 1, + "optional": false, + "text": "What kind of OS and other software will these servers run?" + } +}, +{ + "model": "dojo.question", + "pk": 7, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:53:37Z", + "modified": "2018-06-17T19:53:37Z", + "order": 1, + "optional": false, + "text": "Where does the product live? (Public cloud, private cloud, dedicated, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 8, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:20Z", + "modified": "2018-06-17T19:54:20Z", + "order": 1, + "optional": false, + "text": "If public cloud, are regions and environments separated into different accounts? Who manages the accounts?" + } +}, +{ + "model": "dojo.question", + "pk": 9, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:34Z", + "modified": "2018-06-17T19:54:34Z", + "order": 1, + "optional": false, + "text": "How will your servers talk to one another, if at all?" + } +}, +{ + "model": "dojo.question", + "pk": 10, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:48Z", + "modified": "2018-06-17T19:54:48Z", + "order": 1, + "optional": false, + "text": "How will you manage this infrastructure?" + } +}, +{ + "model": "dojo.question", + "pk": 11, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:00Z", + "modified": "2018-06-17T19:55:00Z", + "order": 1, + "optional": false, + "text": "What is your patching schedule?" + } +}, +{ + "model": "dojo.question", + "pk": 12, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:20Z", + "modified": "2018-06-17T19:55:20Z", + "order": 1, + "optional": false, + "text": "How will admin users (e.g., Ops) authenticate to the servers (LDAP based login, SSH Keys, local access)?" + } +}, +{ + "model": "dojo.question", + "pk": 13, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:56:24Z", + "modified": "2018-06-17T19:56:24Z", + "order": 1, + "optional": false, + "text": "What components do you have as part of your product (Web UI, REST API, command line app, mobile app, etc.)?" + } +}, +{ + "model": "dojo.question", + "pk": 14, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:22Z", + "modified": "2018-06-17T19:57:22Z", + "order": 1, + "optional": false, + "text": "What access control limitations are in place?" + } +}, +{ + "model": "dojo.question", + "pk": 15, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:34Z", + "modified": "2018-06-17T19:57:34Z", + "order": 1, + "optional": false, + "text": "How is access control enforced? (IP whitelists, role-based access controls, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 16, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:55Z", + "modified": "2018-06-17T19:57:55Z", + "order": 1, + "optional": false, + "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" + } +}, +{ + "model": "dojo.question", + "pk": 17, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:58:36Z", + "modified": "2018-06-17T19:58:36Z", + "order": 1, + "optional": false, + "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" + } +}, +{ + "model": "dojo.question", + "pk": 18, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:35Z", + "modified": "2018-06-17T20:00:35Z", + "order": 1, + "optional": false, + "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" + } +}, +{ + "model": "dojo.question", + "pk": 19, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:46Z", + "modified": "2018-06-17T20:00:46Z", + "order": 1, + "optional": false, + "text": "What identifying information are you logging?" + } +}, +{ + "model": "dojo.question", + "pk": 20, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:58Z", + "modified": "2018-06-17T20:00:58Z", + "order": 1, + "optional": false, + "text": "Where are these logs stored?" + } +}, +{ + "model": "dojo.question", + "pk": 21, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:18Z", + "modified": "2018-06-17T20:02:18Z", + "order": 1, + "optional": false, + "text": "How does an end user interact with the product? Do they visit it in their browser, use a proxy or a special CLI tool, log in through a terminal server, etc?" + } +}, +{ + "model": "dojo.question", + "pk": 22, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:32Z", + "modified": "2018-06-17T20:02:32Z", + "order": 1, + "optional": false, + "text": "How public-facing is this product? (customer tool, open source project, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 23, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:46Z", + "modified": "2018-06-17T20:02:46Z", + "order": 1, + "optional": false, + "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." + } +}, +{ + "model": "dojo.question", + "pk": 24, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:57Z", + "modified": "2018-06-17T20:02:57Z", + "order": 1, + "optional": false, + "text": "What services/products does your product consume? What services/products consume it?" + } +}, +{ + "model": "dojo.question", + "pk": 25, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:04:46Z", + "modified": "2018-06-17T20:04:46Z", + "order": 1, + "optional": false, + "text": "What customer or corporate information does your product consume?" + } +}, +{ + "model": "dojo.question", + "pk": 26, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:10Z", + "modified": "2018-06-17T20:05:10Z", + "order": 1, + "optional": false, + "text": "What information does the product store?" + } +}, +{ + "model": "dojo.question", + "pk": 27, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:22Z", + "modified": "2018-06-17T20:05:22Z", + "order": 1, + "optional": false, + "text": "Where, how, and for how long is it stored?" + } +}, +{ + "model": "dojo.question", + "pk": 28, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:32Z", + "modified": "2018-06-17T20:05:32Z", + "order": 1, + "optional": false, + "text": "Is encryption / hashing used where appropriate?" + } +}, +{ + "model": "dojo.question", + "pk": 29, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:43Z", + "modified": "2018-06-17T20:05:43Z", + "order": 1, + "optional": false, + "text": "Are you rolling your own identification system? If so, have you considered integrating with SSO instead?" + } +}, +{ + "model": "dojo.question", + "pk": 30, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:57Z", + "modified": "2018-06-17T20:05:57Z", + "order": 1, + "optional": false, + "text": "What information does the product send to the user?" + } +}, +{ + "model": "dojo.question", + "pk": 31, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:06:15Z", + "modified": "2018-06-17T20:06:15Z", + "order": 1, + "optional": false, + "text": "If you're managing passwords or keys across multiple servers/endpoints, where and how is that information stored?" + } +}, +{ + "model": "dojo.question", + "pk": 32, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:08Z", + "modified": "2018-06-17T20:08:08Z", + "order": 1, + "optional": false, + "text": "What third party tools and libraries are you using? Please provide a package dump as well (apt, pip, bower, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 33, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:19Z", + "modified": "2018-06-17T20:08:19Z", + "order": 1, + "optional": false, + "text": "What ports should be open on each node, and what services do they expose?" + } +}, +{ + "model": "dojo.question", + "pk": 34, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:30Z", + "modified": "2018-06-17T20:08:30Z", + "order": 1, + "optional": false, + "text": "What service accounts are you utilizing, and what roles do they have?" + } +}, +{ + "model": "dojo.question", + "pk": 35, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:43Z", + "modified": "2018-06-17T20:08:43Z", + "order": 1, + "optional": false, + "text": "What DNS entries do you have set up? (Most importantly, public-facing systems)" + } +}, +{ + "model": "dojo.question", + "pk": 36, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:54Z", + "modified": "2018-06-17T20:08:54Z", + "order": 1, + "optional": false, + "text": "What type of monitoring are you doing? (IDS, cloud monitoring, custom log parsing script, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 37, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:15Z", + "modified": "2018-06-17T20:10:15Z", + "order": 1, + "optional": false, + "text": "List the IPs for all infrastructure utilized for the environment in question." + } +}, +{ + "model": "dojo.question", + "pk": 38, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:30Z", + "modified": "2018-06-17T20:10:30Z", + "order": 1, + "optional": false, + "text": "List of endpoints and documentation for any APIs created by your product." + } +}, +{ + "model": "dojo.question", + "pk": 39, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:42Z", + "modified": "2018-06-17T20:10:42Z", + "order": 1, + "optional": false, + "text": "Locations of any web UIs or other important URLs" + } +}, +{ + "model": "dojo.question", + "pk": 40, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:52Z", + "modified": "2018-06-17T20:10:52Z", + "order": 1, + "optional": false, + "text": "List of any service accounts or other access requests relevant to your product" + } +}, +{ + "model": "dojo.question", + "pk": 41, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:04Z", + "modified": "2018-06-17T20:11:04Z", + "order": 1, + "optional": false, + "text": "The contact information of QE who are testing the products." + } +}, +{ + "model": "dojo.question", + "pk": 42, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:17Z", + "modified": "2018-06-17T20:11:17Z", + "order": 1, + "optional": false, + "text": "The list of people that should be notified for our security testing." + } +}, +{ + "model": "dojo.question", + "pk": 43, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:30Z", + "modified": "2018-06-17T20:11:30Z", + "order": 1, + "optional": false, + "text": "Any security testing that we should not run, and/or times when you would prefer we not test." + } +}, +{ + "model": "dojo.textquestion", + "pk": 3, + "fields": { + "question_ptr": 3 + } +}, +{ + "model": "dojo.textquestion", + "pk": 4, + "fields": { + "question_ptr": 4 + } +}, +{ + "model": "dojo.textquestion", + "pk": 5, + "fields": { + "question_ptr": 5 + } +}, +{ + "model": "dojo.textquestion", + "pk": 6, + "fields": { + "question_ptr": 6 + } +}, +{ + "model": "dojo.textquestion", + "pk": 7, + "fields": { + "question_ptr": 7 + } +}, +{ + "model": "dojo.textquestion", + "pk": 8, + "fields": { + "question_ptr": 8 + } +}, +{ + "model": "dojo.textquestion", + "pk": 9, + "fields": { + "question_ptr": 9 + } +}, +{ + "model": "dojo.textquestion", + "pk": 10, + "fields": { + "question_ptr": 10 + } +}, +{ + "model": "dojo.textquestion", + "pk": 11, + "fields": { + "question_ptr": 11 + } +}, +{ + "model": "dojo.textquestion", + "pk": 12, + "fields": { + "question_ptr": 12 + } +}, +{ + "model": "dojo.textquestion", + "pk": 13, + "fields": { + "question_ptr": 13 + } +}, +{ + "model": "dojo.textquestion", + "pk": 14, + "fields": { + "question_ptr": 14 + } +}, +{ + "model": "dojo.textquestion", + "pk": 15, + "fields": { + "question_ptr": 15 + } +}, +{ + "model": "dojo.textquestion", + "pk": 16, + "fields": { + "question_ptr": 16 + } +}, +{ + "model": "dojo.textquestion", + "pk": 17, + "fields": { + "question_ptr": 17 + } +}, +{ + "model": "dojo.textquestion", + "pk": 18, + "fields": { + "question_ptr": 18 + } +}, +{ + "model": "dojo.textquestion", + "pk": 19, + "fields": { + "question_ptr": 19 + } +}, +{ + "model": "dojo.textquestion", + "pk": 20, + "fields": { + "question_ptr": 20 + } +}, +{ + "model": "dojo.textquestion", + "pk": 21, + "fields": { + "question_ptr": 21 + } +}, +{ + "model": "dojo.textquestion", + "pk": 22, + "fields": { + "question_ptr": 22 + } +}, +{ + "model": "dojo.textquestion", + "pk": 23, + "fields": { + "question_ptr": 23 + } +}, +{ + "model": "dojo.textquestion", + "pk": 24, + "fields": { + "question_ptr": 24 + } +}, +{ + "model": "dojo.textquestion", + "pk": 25, + "fields": { + "question_ptr": 25 + } +}, +{ + "model": "dojo.textquestion", + "pk": 26, + "fields": { + "question_ptr": 26 + } +}, +{ + "model": "dojo.textquestion", + "pk": 27, + "fields": { + "question_ptr": 27 + } +}, +{ + "model": "dojo.textquestion", + "pk": 28, + "fields": { + "question_ptr": 28 + } +}, +{ + "model": "dojo.textquestion", + "pk": 29, + "fields": { + "question_ptr": 29 + } +}, +{ + "model": "dojo.textquestion", + "pk": 30, + "fields": { + "question_ptr": 30 + } +}, +{ + "model": "dojo.textquestion", + "pk": 31, + "fields": { + "question_ptr": 31 + } +}, +{ + "model": "dojo.textquestion", + "pk": 32, + "fields": { + "question_ptr": 32 + } +}, +{ + "model": "dojo.textquestion", + "pk": 33, + "fields": { + "question_ptr": 33 + } +}, +{ + "model": "dojo.textquestion", + "pk": 34, + "fields": { + "question_ptr": 34 + } +}, +{ + "model": "dojo.textquestion", + "pk": 35, + "fields": { + "question_ptr": 35 + } +}, +{ + "model": "dojo.textquestion", + "pk": 36, + "fields": { + "question_ptr": 36 + } +}, +{ + "model": "dojo.textquestion", + "pk": 37, + "fields": { + "question_ptr": 37 + } +}, +{ + "model": "dojo.textquestion", + "pk": 38, + "fields": { + "question_ptr": 38 + } +}, +{ + "model": "dojo.textquestion", + "pk": 39, + "fields": { + "question_ptr": 39 + } +}, +{ + "model": "dojo.textquestion", + "pk": 40, + "fields": { + "question_ptr": 40 + } +}, +{ + "model": "dojo.textquestion", + "pk": 41, + "fields": { + "question_ptr": 41 + } +}, +{ + "model": "dojo.textquestion", + "pk": 42, + "fields": { + "question_ptr": 42 + } +}, +{ + "model": "dojo.textquestion", + "pk": 43, + "fields": { + "question_ptr": 43 + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 2, + "fields": { + "name": "Infrastructure", + "description": "Questions regarding the products physical infrastructure.", + "active": true, + "questions": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 3, + "fields": { + "name": "Testing Preparation", + "description": "Tell us about the specific components that make up your application.", + "active": true, + "questions": [ + 13, + 37, + 38, + 39, + 40, + 41, + 42, + 43 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 4, + "fields": { + "name": "Access Control", + "description": "Tell us about the access control configured for your application.", + "active": true, + "questions": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 5, + "fields": { + "name": "Information Flow / Dependency Modeling", + "description": "Tell us how is your application used.", + "active": true, + "questions": [ + 21, + 22, + 23, + 24 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 6, + "fields": { + "name": "Information Management", + "description": "Tell us what kind of data you are storing/managing.", + "active": true, + "questions": [ + 25, + 26, + 27, + 28, + 29, + 30, + 31 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 7, + "fields": { + "name": "Inventory", + "description": "Give us detail about your application.", + "active": true, + "questions": [ + 32, + 33, + 34, + 35, + 36 + ] + } +}, +{ + "model": "dojo.location", + "pk": 1, + "fields": { + "created": "2026-01-26T15:45:41.735Z", + "updated": "2026-01-26T15:45:41.735Z", + "location_type": "url", + "location_value": "ssh://127.0.0.1", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 2, + "fields": { + "created": "2026-01-26T15:45:41.756Z", + "updated": "2026-01-26T15:45:41.756Z", + "location_type": "url", + "location_value": "127.0.0.1", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 3, + "fields": { + "created": "2026-01-26T15:45:41.767Z", + "updated": "2026-01-26T15:45:41.767Z", + "location_type": "url", + "location_value": "ftp://localhost/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 4, + "fields": { + "created": "2026-01-26T15:45:41.777Z", + "updated": "2026-01-26T15:45:41.777Z", + "location_type": "url", + "location_value": "http://localhost:8888/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 5, + "fields": { + "created": "2026-01-26T15:45:41.787Z", + "updated": "2026-01-26T15:45:41.787Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 6, + "fields": { + "created": "2026-01-26T15:45:41.797Z", + "updated": "2026-01-26T15:45:41.797Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/about.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 7, + "fields": { + "created": "2026-01-26T15:45:41.807Z", + "updated": "2026-01-26T15:45:41.807Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/admin.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 8, + "fields": { + "created": "2026-01-26T15:45:41.818Z", + "updated": "2026-01-26T15:45:41.818Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/advanced.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 9, + "fields": { + "created": "2026-01-26T15:45:41.828Z", + "updated": "2026-01-26T15:45:41.828Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/basket.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 10, + "fields": { + "created": "2026-01-26T15:45:41.838Z", + "updated": "2026-01-26T15:45:41.838Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/contact.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 11, + "fields": { + "created": "2026-01-26T15:45:41.850Z", + "updated": "2026-01-26T15:45:41.850Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/home.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 12, + "fields": { + "created": "2026-01-26T15:45:41.859Z", + "updated": "2026-01-26T15:45:41.859Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/login.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 13, + "fields": { + "created": "2026-01-26T15:45:41.870Z", + "updated": "2026-01-26T15:45:41.870Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/logout.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 14, + "fields": { + "created": "2026-01-26T15:45:41.880Z", + "updated": "2026-01-26T15:45:41.880Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/password.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 15, + "fields": { + "created": "2026-01-26T15:45:41.891Z", + "updated": "2026-01-26T15:45:41.891Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/product.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 16, + "fields": { + "created": "2026-01-26T15:45:41.902Z", + "updated": "2026-01-26T15:45:41.902Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/register.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 17, + "fields": { + "created": "2026-01-26T15:45:41.912Z", + "updated": "2026-01-26T15:45:41.912Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/score.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 18, + "fields": { + "created": "2026-01-26T15:45:41.922Z", + "updated": "2026-01-26T15:45:41.922Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/search.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 19, + "fields": { + "created": "2026-01-26T15:45:41.932Z", + "updated": "2026-01-26T15:45:41.932Z", + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 1, + "fields": { + "created": "2026-01-26T15:45:41.753Z", + "updated": "2026-01-26T15:45:41.753Z", + "location": 1, + "product": 3, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 2, + "fields": { + "created": "2026-01-26T15:45:41.763Z", + "updated": "2026-01-26T15:45:41.763Z", + "location": 2, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 3, + "fields": { + "created": "2026-01-26T15:45:41.774Z", + "updated": "2026-01-26T15:45:41.774Z", + "location": 3, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 4, + "fields": { + "created": "2026-01-26T15:45:41.784Z", + "updated": "2026-01-26T15:45:41.784Z", + "location": 4, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 5, + "fields": { + "created": "2026-01-26T15:45:41.794Z", + "updated": "2026-01-26T15:45:41.794Z", + "location": 5, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 6, + "fields": { + "created": "2026-01-26T15:45:41.804Z", + "updated": "2026-01-26T15:45:41.804Z", + "location": 6, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 7, + "fields": { + "created": "2026-01-26T15:45:41.814Z", + "updated": "2026-01-26T15:45:41.814Z", + "location": 7, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 8, + "fields": { + "created": "2026-01-26T15:45:41.825Z", + "updated": "2026-01-26T15:45:41.825Z", + "location": 8, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 9, + "fields": { + "created": "2026-01-26T15:45:41.835Z", + "updated": "2026-01-26T15:45:41.835Z", + "location": 9, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 10, + "fields": { + "created": "2026-01-26T15:45:41.846Z", + "updated": "2026-01-26T15:45:41.846Z", + "location": 10, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 11, + "fields": { + "created": "2026-01-26T15:45:41.855Z", + "updated": "2026-01-26T15:45:41.855Z", + "location": 11, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 12, + "fields": { + "created": "2026-01-26T15:45:41.866Z", + "updated": "2026-01-26T15:45:41.866Z", + "location": 12, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 13, + "fields": { + "created": "2026-01-26T15:45:41.876Z", + "updated": "2026-01-26T15:45:41.876Z", + "location": 13, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 14, + "fields": { + "created": "2026-01-26T15:45:41.887Z", + "updated": "2026-01-26T15:45:41.887Z", + "location": 14, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 15, + "fields": { + "created": "2026-01-26T15:45:41.898Z", + "updated": "2026-01-26T15:45:41.898Z", + "location": 15, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 16, + "fields": { + "created": "2026-01-26T15:45:41.909Z", + "updated": "2026-01-26T15:45:41.909Z", + "location": 16, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 17, + "fields": { + "created": "2026-01-26T15:45:41.919Z", + "updated": "2026-01-26T15:45:41.919Z", + "location": 17, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 18, + "fields": { + "created": "2026-01-26T15:45:41.929Z", + "updated": "2026-01-26T15:45:41.929Z", + "location": 18, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 19, + "fields": { + "created": "2026-01-26T15:45:41.939Z", + "updated": "2026-01-26T15:45:41.939Z", + "location": 19, + "product": 2, + "status": "Mitigated" + } +}, +{ + "model": "dojo.url", + "pk": 1, + "fields": { + "location": 1, + "protocol": "ssh", + "user_info": "", + "host": "127.0.0.1", + "port": 22, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "03009c0636425af566fb6b737db82852812fe2969107ef299530a248f78c4761" + } +}, +{ + "model": "dojo.url", + "pk": 2, + "fields": { + "location": 2, + "protocol": "", + "user_info": "", + "host": "127.0.0.1", + "port": null, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "f1ef169262638cbeabd36e60b021936c5a925beda67b52bd1b52847aa10352e1" + } +}, +{ + "model": "dojo.url", + "pk": 3, + "fields": { + "location": 3, + "protocol": "ftp", + "user_info": "", + "host": "localhost", + "port": 21, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "025d6b16f8cfba2d8e15e85deb81963a84d5dd3c700614f8e8fda87378cf58aa" + } +}, +{ + "model": "dojo.url", + "pk": 4, + "fields": { + "location": 4, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "0f93015b731ab1bc5ea1332a90781a2045d46e70ec1090361f68db58265a3271" + } +}, +{ + "model": "dojo.url", + "pk": 5, + "fields": { + "location": 5, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "94405be03445dd80d4e542775bf5797252cd907ecfeb381b51f72b5f01c78e4b" + } +}, +{ + "model": "dojo.url", + "pk": 6, + "fields": { + "location": 6, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/about.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "96e8eda7ebef554ead75dd22b2b6408b19498648964075d0cd8babf16bcddea9" + } +}, +{ + "model": "dojo.url", + "pk": 7, + "fields": { + "location": 7, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/admin.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "9eac0b36d89ea41c3ca850519bdf071471991f565dc1f5c0a3385a856a2817af" + } +}, +{ + "model": "dojo.url", + "pk": 8, + "fields": { + "location": 8, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/advanced.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "b1550d532705cf9e2441cf2d42e143f21d9991b1eb964aa88e52159eb1c5ff31" + } +}, +{ + "model": "dojo.url", + "pk": 9, + "fields": { + "location": 9, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/basket.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "efaf0a94394a5a2e117454956d67a1c43f95da40b7d7d5c158b049eded4cbe07" + } +}, +{ + "model": "dojo.url", + "pk": 10, + "fields": { + "location": 10, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/contact.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "7c00a6008791144f8e587507469ba1aaf5858a497a5fd2fd4fa5c29e942c4004" + } +}, +{ + "model": "dojo.url", + "pk": 11, + "fields": { + "location": 11, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/home.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "317895cd12da9908f97ebe8e63cb6395fed39d14925b631d9d4c1362b6458c20" + } +}, +{ + "model": "dojo.url", + "pk": 12, + "fields": { + "location": 12, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/login.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "2850f6a08fa0bd443f200525cc170231ce867d810fce483a0e3867f2b8807bfb" + } +}, +{ + "model": "dojo.url", + "pk": 13, + "fields": { + "location": 13, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/logout.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "c77e801a98a44ae86442c03f8dc2c068a3ce72d745c69aa290cce2c91c5be802" + } +}, +{ + "model": "dojo.url", + "pk": 14, + "fields": { + "location": 14, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/password.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "0710d27be344e66a9b1554d493f1e14f6b060dacba8ab64b5d2f86f49b85cca2" + } +}, +{ + "model": "dojo.url", + "pk": 15, + "fields": { + "location": 15, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/product.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "95f7dc925856be6f19bcfcc4b5c542d8a382815709900d6ab91693e3864bf75e" + } +}, +{ + "model": "dojo.url", + "pk": 16, + "fields": { + "location": 16, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/register.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "fddeec108eaec6a43060f43a44e228740350710cb3c4475ddd7cc7da7f740206" + } +}, +{ + "model": "dojo.url", + "pk": 17, + "fields": { + "location": 17, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/score.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "312cfc49152f6445cdb53df02fc65c966accd3e90e709fbe63bce73703085708" + } +}, +{ + "model": "dojo.url", + "pk": 18, + "fields": { + "location": 18, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/search.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "cac8b9e23292f238ae36c2c98600c1e3c813f48a53b6f8ec4f3accb0dda42886" + } +}, +{ + "model": "dojo.url", + "pk": 19, + "fields": { + "location": 19, + "protocol": "http", + "user_info": "", + "host": "127.0.0.1", + "port": 80, + "path": "endpoint/420/edit/", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "f28d3752e452cde3e00a3aaf885fe153037ae69d9726e6a0936ee7da3225c1ad" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "admin" + ], + "pgh_context": null, + "id": 1, + "last_login": "2025-02-06T22:39:20.922Z", + "is_superuser": true, + "username": "admin", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": true, + "is_active": true, + "date_joined": "2021-07-02T00:21:09.430Z" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "product_manager" + ], + "pgh_context": null, + "id": 2, + "last_login": "2021-11-05T07:22:26.370Z", + "is_superuser": false, + "username": "product_manager", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-01T07:59:51Z" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "user2" + ], + "pgh_context": null, + "id": 3, + "last_login": "2021-07-04T23:13:00.869Z", + "is_superuser": false, + "username": "user2", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-02T00:22:09.558Z" + } +}, +{ + "model": "dojo.endpointevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "protocol": "http", + "userinfo": null, + "host": "127.0.0.1", + "port": 80, + "path": "/endpoint/420/edit/", + "query": null, + "fragment": null, + "product": 2 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "protocol": "ftp", + "userinfo": null, + "host": "localhost", + "port": 21, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "protocol": "ssh", + "userinfo": null, + "host": "127.0.0.1", + "port": 22, + "path": null, + "query": null, + "fragment": null, + "product": 3 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/login.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "protocol": null, + "userinfo": null, + "host": "127.0.0.1", + "port": null, + "path": null, + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/register.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/password.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/basket.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/advanced.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/admin.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/about.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/contact.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/home.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/product.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/score.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/search.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/logout.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 20, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "protocol": "http", + "userinfo": null, + "host": "127.0.0.1", + "port": 80, + "path": "/endpoint/420/edit/", + "query": null, + "fragment": null, + "product": 2 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 21, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "protocol": "ftp", + "userinfo": null, + "host": "localhost", + "port": 21, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 22, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "protocol": "ssh", + "userinfo": null, + "host": "127.0.0.1", + "port": 22, + "path": null, + "query": null, + "fragment": null, + "product": 3 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 23, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/login.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 24, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "protocol": null, + "userinfo": null, + "host": "127.0.0.1", + "port": null, + "path": null, + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 25, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/register.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 26, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/password.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 27, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 28, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/basket.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 29, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/advanced.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 30, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/admin.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 31, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/about.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 32, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/contact.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 33, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/home.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 34, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/product.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 35, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/score.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 36, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/search.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 37, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 38, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/logout.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.engagementevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": null, + "name": "1st Quarter Engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2021-11-04T09:15:49.870Z", + "name": "April Monthly Engagement", + "description": "Requested by the team for regular manual checkup by the security team.", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": null, + "name": "weekly engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-21", + "target_end": "2021-06-22", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": "2021-11-04T09:01:00.647Z", + "updated": "2021-11-04T09:14:58.726Z", + "name": "Static Scan", + "description": "Initial static scan for Bodgeit.", + "version": "v.1.2.0", + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-10", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": "2021-11-04T09:25:29.380Z", + "updated": "2021-11-04T09:26:47.339Z", + "name": "Quarterly PCI Scan", + "description": "Reccuring Quarterly Scan", + "version": null, + "first_contacted": null, + "target_start": "2022-01-19", + "target_end": "2022-01-26", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": "2021-11-04T09:36:15.136Z", + "updated": "2021-11-04T09:36:15.136Z", + "name": "Ad Hoc Engagement", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-03", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": false, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2021-11-04T09:42:51.116Z", + "updated": "2021-11-04T09:44:29.481Z", + "name": "Initial Assessment", + "description": "This application needs to be assesed to determine the security posture.", + "version": "10.2.1", + "first_contacted": null, + "target_start": "2021-12-20", + "target_end": "2021-12-27", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 3, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2021-11-05T06:44:35.773Z", + "updated": "2021-11-05T06:49:39.475Z", + "name": "Multiple scanners", + "description": "Example engagement with multiple scan types.", + "version": "1.2.1", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2021-11-05T06:54:11.880Z", + "updated": "2021-11-05T06:55:42.622Z", + "name": "Manual PenTest", + "description": "Please do a manual pentest before our next release to prod.", + "version": "1.9.1", + "first_contacted": null, + "target_start": "2021-12-30", + "target_end": "2022-01-02", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Blocked", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2021-11-05T07:06:26.136Z", + "updated": "2021-11-05T07:07:44.126Z", + "name": "CI/CD Baseline Security Test", + "description": "", + "version": "1.1.2", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-11", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": "https://github.com/psiinon/bodgeit", + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "CI/CD", + "build_id": "89", + "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", + "branch_tag": "master", + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": "https://github.com/psiinon/bodgeit", + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2021-11-05T10:43:05.446Z", + "updated": "2021-11-05T10:43:05.446Z", + "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.findingevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.707Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.280Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.297Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:12.850Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.314Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": null, + "updated": null, + "title": "Dummy Finding", + "date": "2021-03-20", + "sla_start_date": null, + "sla_expiration_date": "2021-04-19", + "cwe": 1, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "http://www.example.com", + "severity": "High", + "description": "TEST finding", + "mitigation": "MITIGATION", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.331Z", + "review_requested_by": [ + "product_manager" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "product_manager" + ], + "is_mitigated": false, + "thread_id": 1, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "product_manager" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "line": 100, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2021-11-04T09:01:32.590Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:32.587Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "created": "2021-11-04T09:01:32.769Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.758Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:32.763Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2021-11-04T09:01:32.948Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:32.945Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2021-11-04T09:01:33.124Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.527Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.122Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2021-11-04T09:01:33.268Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2021-11-04T09:01:33.438Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:33.435Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "created": "2021-11-04T09:01:33.602Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.599Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "created": "2021-11-04T09:01:33.755Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.344Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "created": "2021-11-04T09:01:33.905Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.192Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "created": "2021-11-04T09:01:34.060Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.056Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "created": "2021-11-04T09:01:34.209Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.659Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "created": "2021-11-04T09:01:34.373Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.772Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.370Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 20, + "pgh_context": null, + "id": 20, + "created": "2021-11-04T09:01:34.530Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.486Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:34.527Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 20, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 21, + "pgh_context": null, + "id": 21, + "created": "2021-11-04T09:01:34.702Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.933Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.699Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 21, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 22, + "pgh_context": null, + "id": 22, + "created": "2021-11-04T09:01:34.865Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.396Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.861Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 22, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 23, + "pgh_context": null, + "id": 23, + "created": "2021-11-04T09:01:35.040Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.227Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.037Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 23, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 24, + "pgh_context": null, + "id": 24, + "created": "2021-11-04T09:01:35.231Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.053Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 24, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 25, + "pgh_context": null, + "id": 25, + "created": "2021-11-04T09:01:35.388Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 25, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 26, + "pgh_context": null, + "id": 26, + "created": "2021-11-04T09:01:35.563Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.301Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.561Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 26, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 27, + "pgh_context": null, + "id": 27, + "created": "2021-11-04T09:01:35.729Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.640Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.724Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 27, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 28, + "pgh_context": null, + "id": 28, + "created": "2021-11-04T09:01:35.904Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.577Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 28, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 29, + "pgh_context": null, + "id": 29, + "created": "2021-11-04T09:01:36.151Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.542Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 29, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 30, + "pgh_context": null, + "id": 30, + "created": "2021-11-04T09:01:36.397Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.394Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 30, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 31, + "pgh_context": null, + "id": 31, + "created": "2021-11-04T09:01:36.586Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.642Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 31, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 32, + "pgh_context": null, + "id": 32, + "created": "2021-11-04T09:01:36.781Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.977Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 32, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 33, + "pgh_context": null, + "id": 33, + "created": "2021-11-04T09:01:36.976Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.583Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:36.972Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 33, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 34, + "pgh_context": null, + "id": 34, + "created": "2021-11-04T09:01:37.211Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.145Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 34, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 35, + "pgh_context": null, + "id": 35, + "created": "2021-11-04T09:01:37.495Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 35, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 36, + "pgh_context": null, + "id": 36, + "created": "2021-11-04T09:01:37.702Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.138Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 36, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 37, + "pgh_context": null, + "id": 37, + "created": "2021-11-04T09:01:37.894Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.165Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 37, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 38, + "pgh_context": null, + "id": 38, + "created": "2021-11-04T09:01:38.083Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.328Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.079Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 38, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 39, + "pgh_context": null, + "id": 39, + "created": "2021-11-04T09:01:38.281Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.306Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.277Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 39, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 40, + "pgh_context": null, + "id": 40, + "created": "2021-11-04T09:01:38.499Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.989Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.495Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 40, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 41, + "pgh_context": null, + "id": 41, + "created": "2021-11-04T09:01:38.694Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.038Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.690Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 41, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 42, + "pgh_context": null, + "id": 42, + "created": "2021-11-04T09:01:38.895Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 42, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 43, + "pgh_context": null, + "id": 43, + "created": "2021-11-04T09:01:39.107Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.727Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.102Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 43, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 44, + "pgh_context": null, + "id": 44, + "created": "2021-11-04T09:01:39.298Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.686Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.295Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 44, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 45, + "pgh_context": null, + "id": 45, + "created": "2021-11-04T09:01:39.448Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:39.444Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 45, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 46, + "pgh_context": null, + "id": 46, + "created": "2021-11-04T09:01:39.616Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.443Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.613Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 46, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 47, + "pgh_context": null, + "id": 47, + "created": "2021-11-04T09:01:39.814Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.551Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.809Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 47, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 48, + "pgh_context": null, + "id": 48, + "created": "2021-11-04T09:01:40.005Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.964Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.001Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 48, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 49, + "pgh_context": null, + "id": 49, + "created": "2021-11-04T09:01:40.176Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.605Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.173Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 49, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 50, + "pgh_context": null, + "id": 50, + "created": "2021-11-04T09:01:40.355Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 50, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 51, + "pgh_context": null, + "id": 51, + "created": "2021-11-04T09:01:40.539Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.724Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:40.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 51, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 52, + "pgh_context": null, + "id": 52, + "created": "2021-11-04T09:01:40.715Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.598Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.710Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 52, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 53, + "pgh_context": null, + "id": 53, + "created": "2021-11-04T09:01:40.869Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.582Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.865Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 53, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 54, + "pgh_context": null, + "id": 54, + "created": "2021-11-04T09:01:41.022Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.271Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.019Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 54, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 55, + "pgh_context": null, + "id": 55, + "created": "2021-11-04T09:01:41.178Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.820Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.175Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 55, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 56, + "pgh_context": null, + "id": 56, + "created": "2021-11-04T09:01:41.335Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.516Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.332Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 56, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 57, + "pgh_context": null, + "id": 57, + "created": "2021-11-04T09:01:41.494Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.970Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 57, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 58, + "pgh_context": null, + "id": 58, + "created": "2021-11-04T09:01:41.669Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.505Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:41.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 58, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 59, + "pgh_context": null, + "id": 59, + "created": "2021-11-04T09:01:41.820Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.084Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.817Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 59, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 60, + "pgh_context": null, + "id": 60, + "created": "2021-11-04T09:01:41.972Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.970Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 60, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 61, + "pgh_context": null, + "id": 61, + "created": "2021-11-04T09:01:42.130Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.376Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 61, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 62, + "pgh_context": null, + "id": 62, + "created": "2021-11-04T09:01:42.302Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.836Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.298Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 62, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 63, + "pgh_context": null, + "id": 63, + "created": "2021-11-04T09:01:42.457Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.855Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.453Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 63, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 64, + "pgh_context": null, + "id": 64, + "created": "2021-11-04T09:01:42.620Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.552Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.617Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 64, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 65, + "pgh_context": null, + "id": 65, + "created": "2021-11-04T09:01:42.796Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.547Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 65, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 66, + "pgh_context": null, + "id": 66, + "created": "2021-11-04T09:01:42.956Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.025Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.953Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 66, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 67, + "pgh_context": null, + "id": 67, + "created": "2021-11-04T09:01:43.115Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.789Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 67, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 68, + "pgh_context": null, + "id": 68, + "created": "2021-11-04T09:01:43.269Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.881Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.267Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 68, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 69, + "pgh_context": null, + "id": 69, + "created": "2021-11-04T09:01:43.431Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.831Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.428Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 69, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 70, + "pgh_context": null, + "id": 70, + "created": "2021-11-04T09:01:43.595Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.980Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.592Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 70, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 71, + "pgh_context": null, + "id": 71, + "created": "2021-11-04T09:01:43.752Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.521Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.749Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 71, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 72, + "pgh_context": null, + "id": 72, + "created": "2021-11-04T09:01:43.931Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.785Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.927Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 72, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 73, + "pgh_context": null, + "id": 73, + "created": "2021-11-04T09:01:44.091Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.274Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.088Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 73, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 74, + "pgh_context": null, + "id": 74, + "created": "2021-11-04T09:01:44.250Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.247Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 74, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 75, + "pgh_context": null, + "id": 75, + "created": "2021-11-04T09:01:44.408Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.518Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 75, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 76, + "pgh_context": null, + "id": 76, + "created": "2021-11-04T09:01:44.599Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.347Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.595Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 76, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 77, + "pgh_context": null, + "id": 77, + "created": "2021-11-04T09:01:44.798Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.680Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.794Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 77, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 78, + "pgh_context": null, + "id": 78, + "created": "2021-11-04T09:01:44.961Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.955Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 78, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 79, + "pgh_context": null, + "id": 79, + "created": "2021-11-04T09:01:45.167Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.239Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.164Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 79, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 80, + "pgh_context": null, + "id": 80, + "created": "2021-11-04T09:01:45.338Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.334Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.335Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 80, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 81, + "pgh_context": null, + "id": 81, + "created": "2021-11-04T09:01:45.495Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.208Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.492Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 81, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 82, + "pgh_context": null, + "id": 82, + "created": "2021-11-04T09:01:45.667Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.664Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 82, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 83, + "pgh_context": null, + "id": 83, + "created": "2021-11-04T09:01:45.809Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.793Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 83, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 84, + "pgh_context": null, + "id": 84, + "created": "2021-11-04T09:01:45.947Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 84, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 85, + "pgh_context": null, + "id": 85, + "created": "2021-11-04T09:01:46.093Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.595Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.090Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 85, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 86, + "pgh_context": null, + "id": 86, + "created": "2021-11-04T09:01:46.242Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.149Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.239Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 86, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 87, + "pgh_context": null, + "id": 87, + "created": "2021-11-04T09:01:46.417Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.810Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.413Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 87, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 88, + "pgh_context": null, + "id": 88, + "created": "2021-11-04T09:01:46.582Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:46.579Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 88, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 89, + "pgh_context": null, + "id": 89, + "created": "2021-11-04T09:01:46.729Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.118Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.727Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 89, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 90, + "pgh_context": null, + "id": 90, + "created": "2021-11-04T09:01:46.883Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.823Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.880Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 90, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 91, + "pgh_context": null, + "id": 91, + "created": "2021-11-04T09:01:47.032Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.029Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 91, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 92, + "pgh_context": null, + "id": 92, + "created": "2021-11-04T09:01:47.169Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.166Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 92, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 93, + "pgh_context": null, + "id": 93, + "created": "2021-11-04T09:01:47.314Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.478Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.311Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 93, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 94, + "pgh_context": null, + "id": 94, + "created": "2021-11-04T09:01:47.459Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.765Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.456Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 94, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 95, + "pgh_context": null, + "id": 95, + "created": "2021-11-04T09:01:47.615Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.907Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.612Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 95, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 96, + "pgh_context": null, + "id": 96, + "created": "2021-11-04T09:01:47.776Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.439Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 96, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 97, + "pgh_context": null, + "id": 97, + "created": "2021-11-04T09:01:47.932Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.222Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 97, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 98, + "pgh_context": null, + "id": 98, + "created": "2021-11-04T09:01:48.091Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.086Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 98, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 99, + "pgh_context": null, + "id": 99, + "created": "2021-11-04T09:01:48.247Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.685Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.245Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 99, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 100, + "pgh_context": null, + "id": 100, + "created": "2021-11-04T09:01:48.418Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.461Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.415Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 100, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 101, + "pgh_context": null, + "id": 101, + "created": "2021-11-04T09:01:48.575Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.251Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.572Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 101, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 102, + "pgh_context": null, + "id": 102, + "created": "2021-11-04T09:01:48.732Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.939Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:48.730Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 102, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 103, + "pgh_context": null, + "id": 103, + "created": "2021-11-04T09:01:48.890Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.589Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.887Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 103, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 104, + "pgh_context": null, + "id": 104, + "created": "2021-11-04T09:01:49.061Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.107Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.057Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 104, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 105, + "pgh_context": null, + "id": 105, + "created": "2021-11-04T09:01:49.230Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.892Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 105, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 106, + "pgh_context": null, + "id": 106, + "created": "2021-11-04T09:01:49.390Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.168Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.387Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 106, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 107, + "pgh_context": null, + "id": 107, + "created": "2021-11-04T09:01:49.553Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.825Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.551Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 107, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 108, + "pgh_context": null, + "id": 108, + "created": "2021-11-04T09:01:49.698Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.318Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.693Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 108, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 109, + "pgh_context": null, + "id": 109, + "created": "2021-11-04T09:01:49.847Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.072Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.844Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 109, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 110, + "pgh_context": null, + "id": 110, + "created": "2021-11-04T09:01:49.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.897Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:49.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 110, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 111, + "pgh_context": null, + "id": 111, + "created": "2021-11-04T09:01:50.133Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.338Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.130Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 111, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 112, + "pgh_context": null, + "id": 112, + "created": "2021-11-04T09:01:50.272Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.753Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 112, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 113, + "pgh_context": null, + "id": 113, + "created": "2021-11-04T09:01:50.425Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.249Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.422Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 113, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 114, + "pgh_context": null, + "id": 114, + "created": "2021-11-04T09:01:50.583Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.091Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.580Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 114, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 115, + "pgh_context": null, + "id": 115, + "created": "2021-11-04T09:01:50.757Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.561Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.754Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 115, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 116, + "pgh_context": null, + "id": 116, + "created": "2021-11-04T09:01:50.920Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.130Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.913Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 116, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 117, + "pgh_context": null, + "id": 117, + "created": "2021-11-04T09:01:51.100Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.926Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:51.097Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 117, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 118, + "pgh_context": null, + "id": 118, + "created": "2021-11-04T09:01:51.303Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.299Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 118, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 119, + "pgh_context": null, + "id": 119, + "created": "2021-11-04T09:01:51.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.848Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 119, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 120, + "pgh_context": null, + "id": 120, + "created": "2021-11-04T09:01:51.704Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 120, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 121, + "pgh_context": null, + "id": 121, + "created": "2021-11-04T09:01:51.884Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.397Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.881Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 121, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 122, + "pgh_context": null, + "id": 122, + "created": "2021-11-04T09:01:52.056Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.414Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 122, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 123, + "pgh_context": null, + "id": 123, + "created": "2021-11-04T09:01:52.205Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.613Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.202Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 123, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 124, + "pgh_context": null, + "id": 124, + "created": "2021-11-04T09:01:52.350Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.347Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 124, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 125, + "pgh_context": null, + "id": 125, + "created": "2021-11-04T09:01:52.512Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.763Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.508Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 125, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 126, + "pgh_context": null, + "id": 126, + "created": "2021-11-04T09:01:52.665Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.806Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:52.662Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 126, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 127, + "pgh_context": null, + "id": 127, + "created": "2021-11-04T09:01:52.806Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.803Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 127, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 128, + "pgh_context": null, + "id": 128, + "created": "2021-11-04T09:01:52.969Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.196Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.966Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 128, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 129, + "pgh_context": null, + "id": 129, + "created": "2021-11-04T09:01:53.115Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.638Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 129, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 130, + "pgh_context": null, + "id": 130, + "created": "2021-11-04T09:01:53.272Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.011Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 130, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 131, + "pgh_context": null, + "id": 131, + "created": "2021-11-04T09:01:53.428Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:53.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 131, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 132, + "pgh_context": null, + "id": 132, + "created": "2021-11-04T09:01:53.606Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.218Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.603Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 132, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 133, + "pgh_context": null, + "id": 133, + "created": "2021-11-04T09:01:53.772Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 133, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 134, + "pgh_context": null, + "id": 134, + "created": "2021-11-04T09:01:53.918Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.281Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.915Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 134, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 135, + "pgh_context": null, + "id": 135, + "created": "2021-11-04T09:01:54.071Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.473Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.068Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 135, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 136, + "pgh_context": null, + "id": 136, + "created": "2021-11-04T09:01:54.219Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.733Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.216Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 136, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 137, + "pgh_context": null, + "id": 137, + "created": "2021-11-04T09:01:54.406Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.403Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 137, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 138, + "pgh_context": null, + "id": 138, + "created": "2021-11-04T09:01:54.584Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.632Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.581Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 138, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 139, + "pgh_context": null, + "id": 139, + "created": "2021-11-04T09:01:54.769Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.760Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 139, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 140, + "pgh_context": null, + "id": 140, + "created": "2021-11-04T09:03:27.312Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:27.309Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 140, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 141, + "pgh_context": null, + "id": 141, + "created": "2021-11-04T09:03:27.478Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.743Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:27.476Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 141, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 142, + "pgh_context": null, + "id": 142, + "created": "2021-11-04T09:03:27.650Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.647Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 142, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 143, + "pgh_context": null, + "id": 143, + "created": "2021-11-04T09:03:27.832Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.510Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.829Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 143, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 144, + "pgh_context": null, + "id": 144, + "created": "2021-11-04T09:03:27.993Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.315Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.990Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 144, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 145, + "pgh_context": null, + "id": 145, + "created": "2021-11-04T09:03:28.179Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:28.177Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 145, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 146, + "pgh_context": null, + "id": 146, + "created": "2021-11-04T09:03:28.355Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.437Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 146, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 147, + "pgh_context": null, + "id": 147, + "created": "2021-11-04T09:03:28.525Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.359Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.522Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 147, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 148, + "pgh_context": null, + "id": 148, + "created": "2021-11-04T09:03:28.692Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.175Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.689Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 148, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 149, + "pgh_context": null, + "id": 149, + "created": "2021-11-04T09:03:28.867Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.365Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:28.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 149, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 150, + "pgh_context": null, + "id": 150, + "created": "2021-11-04T09:03:29.039Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 150, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 151, + "pgh_context": null, + "id": 151, + "created": "2021-11-04T09:03:29.194Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.756Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.190Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 151, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 152, + "pgh_context": null, + "id": 152, + "created": "2021-11-04T09:03:29.361Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.358Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 152, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 153, + "pgh_context": null, + "id": 153, + "created": "2021-11-04T09:03:29.549Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.547Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 153, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 154, + "pgh_context": null, + "id": 154, + "created": "2021-11-04T09:03:29.701Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.411Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 154, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 155, + "pgh_context": null, + "id": 155, + "created": "2021-11-04T09:03:29.850Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.244Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 155, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 156, + "pgh_context": null, + "id": 156, + "created": "2021-11-04T09:03:29.992Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.069Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 156, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 157, + "pgh_context": null, + "id": 157, + "created": "2021-11-04T09:03:30.139Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.270Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.136Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 157, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 158, + "pgh_context": null, + "id": 158, + "created": "2021-11-04T09:03:30.281Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.316Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.279Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 158, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 159, + "pgh_context": null, + "id": 159, + "created": "2021-11-04T09:03:30.451Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.624Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.448Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 159, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 160, + "pgh_context": null, + "id": 160, + "created": "2021-11-04T09:03:30.598Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.593Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.594Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 160, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 161, + "pgh_context": null, + "id": 161, + "created": "2021-11-04T09:03:30.754Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.557Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 161, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 162, + "pgh_context": null, + "id": 162, + "created": "2021-11-04T09:03:30.913Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.910Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 162, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 163, + "pgh_context": null, + "id": 163, + "created": "2021-11-04T09:03:31.075Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.073Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 163, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 164, + "pgh_context": null, + "id": 164, + "created": "2021-11-04T09:03:31.228Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.993Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 164, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 165, + "pgh_context": null, + "id": 165, + "created": "2021-11-04T09:03:31.382Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.379Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 165, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 166, + "pgh_context": null, + "id": 166, + "created": "2021-11-04T09:03:31.524Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.160Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.520Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 166, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 167, + "pgh_context": null, + "id": 167, + "created": "2021-11-04T09:03:31.675Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.672Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 167, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 168, + "pgh_context": null, + "id": 168, + "created": "2021-11-04T09:03:31.824Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.153Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.821Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 168, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 169, + "pgh_context": null, + "id": 169, + "created": "2021-11-04T09:03:31.976Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.181Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.973Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 169, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 170, + "pgh_context": null, + "id": 170, + "created": "2021-11-04T09:03:32.130Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.313Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 170, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 171, + "pgh_context": null, + "id": 171, + "created": "2021-11-04T09:03:32.275Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.291Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.272Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 171, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 172, + "pgh_context": null, + "id": 172, + "created": "2021-11-04T09:03:32.427Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.006Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 172, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 173, + "pgh_context": null, + "id": 173, + "created": "2021-11-04T09:03:32.579Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.022Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.576Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 173, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 174, + "pgh_context": null, + "id": 174, + "created": "2021-11-04T09:03:32.750Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.746Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 174, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 175, + "pgh_context": null, + "id": 175, + "created": "2021-11-04T09:03:32.910Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.711Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.906Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 175, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 176, + "pgh_context": null, + "id": 176, + "created": "2021-11-04T09:03:33.073Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.071Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 176, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 177, + "pgh_context": null, + "id": 177, + "created": "2021-11-04T09:03:33.230Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.644Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:33.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 177, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 178, + "pgh_context": null, + "id": 178, + "created": "2021-11-04T09:03:33.396Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.427Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.392Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 178, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 179, + "pgh_context": null, + "id": 179, + "created": "2021-11-04T09:03:33.589Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.535Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:33.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 179, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 180, + "pgh_context": null, + "id": 180, + "created": "2021-11-04T09:03:33.758Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.948Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 180, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 181, + "pgh_context": null, + "id": 181, + "created": "2021-11-04T09:03:33.921Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.917Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 181, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 182, + "pgh_context": null, + "id": 182, + "created": "2021-11-04T09:03:34.101Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.974Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.096Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 182, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 183, + "pgh_context": null, + "id": 183, + "created": "2021-11-04T09:03:34.261Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.741Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:34.258Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 183, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 184, + "pgh_context": null, + "id": 184, + "created": "2021-11-04T09:03:34.457Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.615Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.454Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 184, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 185, + "pgh_context": null, + "id": 185, + "created": "2021-11-04T09:03:34.632Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.597Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:34.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 185, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 186, + "pgh_context": null, + "id": 186, + "created": "2021-11-04T09:03:34.811Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.807Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 186, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 187, + "pgh_context": null, + "id": 187, + "created": "2021-11-04T09:03:34.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.804Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 187, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 188, + "pgh_context": null, + "id": 188, + "created": "2021-11-04T09:03:35.146Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.143Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 188, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 189, + "pgh_context": null, + "id": 189, + "created": "2021-11-04T09:03:35.308Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.955Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 189, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 190, + "pgh_context": null, + "id": 190, + "created": "2021-11-04T09:03:35.488Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.489Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:35.484Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 190, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 191, + "pgh_context": null, + "id": 191, + "created": "2021-11-04T09:03:35.655Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.099Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.652Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 191, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 192, + "pgh_context": null, + "id": 192, + "created": "2021-11-04T09:03:35.814Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.515Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 192, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 193, + "pgh_context": null, + "id": 193, + "created": "2021-11-04T09:03:35.984Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.980Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 193, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 194, + "pgh_context": null, + "id": 194, + "created": "2021-11-04T09:03:36.152Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.851Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:36.148Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 194, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 195, + "pgh_context": null, + "id": 195, + "created": "2021-11-04T09:03:36.364Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.870Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.359Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 195, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 196, + "pgh_context": null, + "id": 196, + "created": "2021-11-04T09:03:36.557Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.552Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 196, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 197, + "pgh_context": null, + "id": 197, + "created": "2021-11-04T09:03:36.760Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.563Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.756Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 197, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 198, + "pgh_context": null, + "id": 198, + "created": "2021-11-04T09:03:36.944Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.009Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.938Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 198, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 199, + "pgh_context": null, + "id": 199, + "created": "2021-11-04T09:03:37.131Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.773Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 199, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 200, + "pgh_context": null, + "id": 200, + "created": "2021-11-04T09:03:37.335Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.866Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.333Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 200, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 201, + "pgh_context": null, + "id": 201, + "created": "2021-11-04T09:03:37.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.815Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 201, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 202, + "pgh_context": null, + "id": 202, + "created": "2021-11-04T09:03:37.704Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.995Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.701Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 202, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 203, + "pgh_context": null, + "id": 203, + "created": "2021-11-04T09:03:37.904Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.536Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 203, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 204, + "pgh_context": null, + "id": 204, + "created": "2021-11-04T09:03:38.097Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.769Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.093Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 204, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 205, + "pgh_context": null, + "id": 205, + "created": "2021-11-04T09:03:38.273Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.260Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 205, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 206, + "pgh_context": null, + "id": 206, + "created": "2021-11-04T09:03:38.494Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.655Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 206, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 207, + "pgh_context": null, + "id": 207, + "created": "2021-11-04T09:03:38.726Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.501Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.720Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 207, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 208, + "pgh_context": null, + "id": 208, + "created": "2021-11-04T09:03:38.922Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.363Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.918Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 208, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 209, + "pgh_context": null, + "id": 209, + "created": "2021-11-04T09:03:39.098Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.695Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.095Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 209, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 210, + "pgh_context": null, + "id": 210, + "created": "2021-11-04T09:03:39.259Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.234Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.256Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 210, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 211, + "pgh_context": null, + "id": 211, + "created": "2021-11-04T09:03:39.465Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.461Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 211, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 212, + "pgh_context": null, + "id": 212, + "created": "2021-11-04T09:03:39.630Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.350Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 212, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 213, + "pgh_context": null, + "id": 213, + "created": "2021-11-04T09:03:39.787Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.224Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.784Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 213, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 214, + "pgh_context": null, + "id": 214, + "created": "2021-11-04T09:03:39.936Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 214, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 215, + "pgh_context": null, + "id": 215, + "created": "2021-11-04T09:03:40.133Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.809Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.129Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 215, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 216, + "pgh_context": null, + "id": 216, + "created": "2021-11-04T09:03:40.291Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.288Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 216, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 217, + "pgh_context": null, + "id": 217, + "created": "2021-11-04T09:03:40.455Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.578Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:40.452Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 217, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 218, + "pgh_context": null, + "id": 218, + "created": "2021-11-04T09:03:40.624Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.134Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.621Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 218, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 219, + "pgh_context": null, + "id": 219, + "created": "2021-11-04T09:03:40.780Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.795Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 219, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 220, + "pgh_context": null, + "id": 220, + "created": "2021-11-04T09:03:40.990Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.732Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.984Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 220, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 221, + "pgh_context": null, + "id": 221, + "created": "2021-11-04T09:03:41.162Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.103Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.158Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 221, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 222, + "pgh_context": null, + "id": 222, + "created": "2021-11-04T09:03:41.406Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.839Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:41.402Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 222, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 223, + "pgh_context": null, + "id": 223, + "created": "2021-11-04T09:03:41.600Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.596Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 223, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 224, + "pgh_context": null, + "id": 224, + "created": "2021-11-04T09:03:41.772Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.345Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 224, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 225, + "pgh_context": null, + "id": 225, + "created": "2021-11-04T09:03:41.947Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.493Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 225, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 226, + "pgh_context": null, + "id": 226, + "created": "2021-11-04T09:03:42.129Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.780Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.126Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 226, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 227, + "pgh_context": null, + "id": 227, + "created": "2021-11-04T09:03:42.301Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.296Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 227, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 228, + "pgh_context": null, + "id": 228, + "created": "2021-11-04T09:03:42.482Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.455Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.479Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 228, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 229, + "pgh_context": null, + "id": 229, + "created": "2021-11-04T09:03:42.670Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.204Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 229, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 230, + "pgh_context": null, + "id": 230, + "created": "2021-11-04T09:03:42.875Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.469Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.855Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 230, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 231, + "pgh_context": null, + "id": 231, + "created": "2021-11-04T09:03:43.252Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.249Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 231, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 232, + "pgh_context": null, + "id": 232, + "created": "2021-11-04T09:03:43.521Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.445Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:43.516Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 232, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 233, + "pgh_context": null, + "id": 233, + "created": "2021-11-04T09:03:43.816Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 233, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 234, + "pgh_context": null, + "id": 234, + "created": "2021-11-04T09:03:44.090Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:44.082Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 234, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 235, + "pgh_context": null, + "id": 235, + "created": "2021-11-04T09:03:44.309Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.573Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 235, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 236, + "pgh_context": null, + "id": 236, + "created": "2021-11-04T09:03:44.506Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.123Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.500Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 236, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 237, + "pgh_context": null, + "id": 237, + "created": "2021-11-04T09:03:44.703Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.876Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 237, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 238, + "pgh_context": null, + "id": 238, + "created": "2021-11-04T09:03:44.936Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.185Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.930Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 238, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 239, + "pgh_context": null, + "id": 239, + "created": "2021-11-04T09:03:45.150Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 239, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 240, + "pgh_context": null, + "id": 240, + "created": "2021-11-04T09:03:45.387Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.302Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.382Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 240, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 241, + "pgh_context": null, + "id": 241, + "created": "2021-11-04T09:03:45.588Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.087Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 241, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 242, + "pgh_context": null, + "id": 242, + "created": "2021-11-04T09:03:45.816Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.911Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 242, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 243, + "pgh_context": null, + "id": 243, + "created": "2021-11-04T09:03:46.040Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.322Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.034Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 243, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 244, + "pgh_context": null, + "id": 244, + "created": "2021-11-04T09:03:46.325Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.738Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.316Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 244, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 245, + "pgh_context": null, + "id": 245, + "created": "2021-11-04T09:03:46.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.201Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.567Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 245, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 246, + "pgh_context": null, + "id": 246, + "created": "2021-11-04T09:03:46.801Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.074Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 246, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 247, + "pgh_context": null, + "id": 247, + "created": "2021-11-04T09:03:47.007Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.546Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 247, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 248, + "pgh_context": null, + "id": 248, + "created": "2021-11-04T09:03:47.229Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.115Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 248, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 249, + "pgh_context": null, + "id": 249, + "created": "2021-11-04T09:03:47.445Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.942Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.440Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 249, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 250, + "pgh_context": null, + "id": 250, + "created": "2021-11-04T09:03:47.662Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.938Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.659Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 250, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 251, + "pgh_context": null, + "id": 251, + "created": "2021-11-04T09:03:47.867Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.862Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 251, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 252, + "pgh_context": null, + "id": 252, + "created": "2021-11-04T09:03:48.018Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.722Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.015Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 252, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 253, + "pgh_context": null, + "id": 253, + "created": "2021-11-04T09:03:48.175Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.171Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 253, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 254, + "pgh_context": null, + "id": 254, + "created": "2021-11-04T09:03:48.382Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.429Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.378Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 254, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 255, + "pgh_context": null, + "id": 255, + "created": "2021-11-04T09:03:48.563Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.560Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 255, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 256, + "pgh_context": null, + "id": 256, + "created": "2021-11-04T09:03:48.761Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 256, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 257, + "pgh_context": null, + "id": 257, + "created": "2021-11-04T09:03:48.957Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.748Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:48.954Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 257, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 258, + "pgh_context": null, + "id": 258, + "created": "2021-11-04T09:03:49.162Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.788Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:49.157Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 258, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 259, + "pgh_context": null, + "id": 259, + "created": "2021-11-04T09:03:49.539Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:49.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 259, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 260, + "pgh_context": null, + "id": 260, + "created": "2021-11-04T09:03:49.721Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.211Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.716Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 260, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 261, + "pgh_context": null, + "id": 261, + "created": "2021-11-04T09:03:49.927Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.654Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.923Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 261, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 262, + "pgh_context": null, + "id": 262, + "created": "2021-11-04T09:03:50.136Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.026Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.131Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 262, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 263, + "pgh_context": null, + "id": 263, + "created": "2021-11-04T09:03:50.351Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.887Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:50.345Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 263, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 264, + "pgh_context": null, + "id": 264, + "created": "2021-11-04T09:03:50.575Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.282Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.571Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 264, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 265, + "pgh_context": null, + "id": 265, + "created": "2021-11-04T09:03:50.779Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.240Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 265, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 266, + "pgh_context": null, + "id": 266, + "created": "2021-11-04T09:03:50.992Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.988Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 266, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 267, + "pgh_context": null, + "id": 267, + "created": "2021-11-04T09:03:51.212Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.458Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 267, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 268, + "pgh_context": null, + "id": 268, + "created": "2021-11-04T09:03:51.383Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.749Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.380Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 268, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 269, + "pgh_context": null, + "id": 269, + "created": "2021-11-04T09:03:51.544Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.824Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.541Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 269, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 270, + "pgh_context": null, + "id": 270, + "created": "2021-11-04T09:03:51.721Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.648Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.719Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 270, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 271, + "pgh_context": null, + "id": 271, + "created": "2021-11-04T09:03:51.877Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.872Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 271, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 272, + "pgh_context": null, + "id": 272, + "created": "2021-11-04T09:03:52.049Z", + "updated": null, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.664Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.046Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 272, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 273, + "pgh_context": null, + "id": 273, + "created": "2021-11-04T09:03:52.209Z", + "updated": null, + "title": "Improper Resource Access Authorization (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.800Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.205Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", + "line": 12, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 273, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 274, + "pgh_context": null, + "id": 274, + "created": "2021-11-04T09:03:52.388Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.609Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 274, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 275, + "pgh_context": null, + "id": 275, + "created": "2021-11-04T09:03:52.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.568Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", + "line": 29, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 275, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 276, + "pgh_context": null, + "id": 276, + "created": "2021-11-04T09:03:52.771Z", + "updated": null, + "title": "Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:52.766Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 276, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 277, + "pgh_context": null, + "id": 277, + "created": "2021-11-04T09:03:52.938Z", + "updated": null, + "title": "Use of Insufficiently Random Values (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.778Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 277, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 278, + "pgh_context": null, + "id": 278, + "created": "2021-11-04T09:03:53.124Z", + "updated": null, + "title": "SQL Injection (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.612Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:53.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 278, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 279, + "pgh_context": null, + "id": 279, + "created": "2021-11-04T09:36:25.003Z", + "updated": null, + "title": "Test", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "No url given", + "severity": "Info", + "description": "asdf", + "mitigation": "adf", + "fix_available": null, + "fix_version": null, + "impact": "asdf", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "No references given", + "test": 19, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 279, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 280, + "pgh_context": null, + "id": 280, + "created": "2021-11-05T06:44:35.863Z", + "updated": null, + "title": "Notepad++.exe | CVE-2007-2666", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.440Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:35.859Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 280, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 281, + "pgh_context": null, + "id": 281, + "created": "2021-11-05T06:44:36.140Z", + "updated": null, + "title": "Notepad++.exe | CVE-2008-3436", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.456Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:36.137Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 281, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 282, + "pgh_context": null, + "id": 282, + "created": "2021-11-05T06:46:06.484Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.352Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:06.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 282, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 283, + "pgh_context": null, + "id": 283, + "created": "2021-11-05T06:46:06.676Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.001Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:06.674Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 283, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 284, + "pgh_context": null, + "id": 284, + "created": "2021-11-05T06:46:06.857Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.127Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:06.854Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 284, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 285, + "pgh_context": null, + "id": 285, + "created": "2021-11-05T06:46:07.054Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.513Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 285, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 286, + "pgh_context": null, + "id": 286, + "created": "2021-11-05T06:46:07.234Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.481Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.231Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 286, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 287, + "pgh_context": null, + "id": 287, + "created": "2021-11-05T06:46:07.429Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.467Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.426Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 287, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 288, + "pgh_context": null, + "id": 288, + "created": "2021-11-05T06:46:07.619Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.986Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:07.616Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 288, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 289, + "pgh_context": null, + "id": 289, + "created": "2021-11-05T06:46:07.818Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.815Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 289, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 290, + "pgh_context": null, + "id": 290, + "created": "2021-11-05T06:46:08.024Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.438Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.021Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 290, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 291, + "pgh_context": null, + "id": 291, + "created": "2021-11-05T06:46:08.214Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.212Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 291, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 292, + "pgh_context": null, + "id": 292, + "created": "2021-11-05T06:46:08.407Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.157Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 292, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 293, + "pgh_context": null, + "id": 293, + "created": "2021-11-05T06:46:08.576Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.408Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.574Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 293, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 294, + "pgh_context": null, + "id": 294, + "created": "2021-11-05T06:46:08.774Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.395Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.770Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 294, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 295, + "pgh_context": null, + "id": 295, + "created": "2021-11-05T06:46:08.994Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.142Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.991Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 295, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 296, + "pgh_context": null, + "id": 296, + "created": "2021-11-05T06:46:09.157Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.528Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.155Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 296, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 297, + "pgh_context": null, + "id": 297, + "created": "2021-11-05T06:46:09.337Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.496Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.334Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 297, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 298, + "pgh_context": null, + "id": 298, + "created": "2021-11-05T06:46:09.514Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.381Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.511Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 298, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 299, + "pgh_context": null, + "id": 299, + "created": "2021-11-05T06:46:09.700Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.366Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.697Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 299, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 300, + "pgh_context": null, + "id": 300, + "created": "2021-11-05T06:47:17.890Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.095Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 300, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 301, + "pgh_context": null, + "id": 301, + "created": "2021-11-05T06:47:18.169Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.606Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 301, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 302, + "pgh_context": null, + "id": 302, + "created": "2021-11-05T06:47:18.645Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 302, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 303, + "pgh_context": null, + "id": 303, + "created": "2021-11-05T06:47:18.860Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.173Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 303, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 304, + "pgh_context": null, + "id": 304, + "created": "2021-11-05T06:47:19.072Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.078Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 304, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 305, + "pgh_context": null, + "id": 305, + "created": "2021-11-05T06:47:19.278Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.590Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 305, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 306, + "pgh_context": null, + "id": 306, + "created": "2021-11-05T06:47:19.559Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.543Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 306, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 307, + "pgh_context": null, + "id": 307, + "created": "2021-11-05T06:47:19.783Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 307, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 308, + "pgh_context": null, + "id": 308, + "created": "2021-11-05T06:47:20.049Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.639Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 308, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 309, + "pgh_context": null, + "id": 309, + "created": "2021-11-05T06:47:20.461Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.346Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 309, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 310, + "pgh_context": null, + "id": 310, + "created": "2021-11-05T07:07:18.067Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.187Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.064Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 310, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 311, + "pgh_context": null, + "id": 311, + "created": "2021-11-05T07:07:18.320Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.219Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.317Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 311, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 312, + "pgh_context": null, + "id": 312, + "created": "2021-11-05T07:07:18.592Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.981Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.590Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 312, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 313, + "pgh_context": null, + "id": 313, + "created": "2021-11-05T07:07:18.815Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.951Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.813Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 313, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 314, + "pgh_context": null, + "id": 314, + "created": "2021-11-05T07:07:19.003Z", + "updated": null, + "title": "SQL String Formatting-G201", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.094Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 314, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 315, + "pgh_context": null, + "id": 315, + "created": "2021-11-05T07:07:19.202Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.017Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.199Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 315, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 316, + "pgh_context": null, + "id": 316, + "created": "2021-11-05T07:07:19.412Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.997Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.409Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 316, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 317, + "pgh_context": null, + "id": 317, + "created": "2021-11-05T07:07:19.621Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.935Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.618Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 317, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 318, + "pgh_context": null, + "id": 318, + "created": "2021-11-05T07:07:19.850Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.140Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 318, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 319, + "pgh_context": null, + "id": 319, + "created": "2021-11-05T07:07:20.057Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.124Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:20.054Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 319, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 320, + "pgh_context": null, + "id": 320, + "created": "2021-11-05T07:07:20.248Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.966Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.246Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 320, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 321, + "pgh_context": null, + "id": 321, + "created": "2021-11-05T07:07:20.441Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.438Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 321, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 322, + "pgh_context": null, + "id": 322, + "created": "2021-11-05T07:07:20.634Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.631Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 322, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 323, + "pgh_context": null, + "id": 323, + "created": "2021-11-05T07:07:20.811Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.808Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", + "line": null, + "file_path": "/vagrant/go/src/govwa/app.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 323, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 324, + "pgh_context": null, + "id": 324, + "created": "2021-11-05T07:07:21.004Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.236Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 324, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 325, + "pgh_context": null, + "id": 325, + "created": "2021-11-05T07:07:21.191Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.203Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.189Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 325, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 326, + "pgh_context": null, + "id": 326, + "created": "2021-11-05T07:07:21.369Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.366Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 326, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 327, + "pgh_context": null, + "id": 327, + "created": "2021-11-05T07:07:21.561Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.559Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 327, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 328, + "pgh_context": null, + "id": 328, + "created": "2021-11-05T07:07:21.744Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.109Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.741Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 328, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 329, + "pgh_context": null, + "id": 329, + "created": "2021-11-05T07:07:21.930Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.032Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 329, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 330, + "pgh_context": null, + "id": 330, + "created": "2021-11-05T07:07:22.124Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 330, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 331, + "pgh_context": null, + "id": 331, + "created": "2021-11-05T07:07:22.308Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.014Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.306Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/cookie.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 331, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 332, + "pgh_context": null, + "id": 332, + "created": "2021-11-05T07:07:22.551Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.548Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 332, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 333, + "pgh_context": null, + "id": 333, + "created": "2021-11-05T07:07:22.773Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.156Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.771Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 333, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 334, + "pgh_context": null, + "id": 334, + "created": "2021-11-05T07:07:22.989Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.081Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.986Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 334, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 335, + "pgh_context": null, + "id": 335, + "created": "2021-11-05T07:07:23.204Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.065Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.200Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 335, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 336, + "pgh_context": null, + "id": 336, + "created": "2021-11-05T07:07:23.489Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.030Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.486Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 336, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 337, + "pgh_context": null, + "id": 337, + "created": "2021-11-05T07:07:23.721Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.172Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:23.717Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 337, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 338, + "pgh_context": null, + "id": 338, + "created": "2021-11-05T10:43:05.946Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.111Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:05.943Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 338, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 339, + "pgh_context": null, + "id": 339, + "created": "2021-11-05T10:43:06.237Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:06.233Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 339, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 340, + "pgh_context": null, + "id": 340, + "created": "2021-11-05T10:43:06.742Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:06.738Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 340, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 341, + "pgh_context": null, + "id": 341, + "created": "2021-11-05T10:43:07.038Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.189Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:07.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 341, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 342, + "pgh_context": null, + "id": 342, + "created": "2021-11-05T10:43:07.297Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.063Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T10:43:07.294Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 342, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 343, + "pgh_context": null, + "id": 343, + "created": "2021-11-05T10:43:07.547Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.575Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.545Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 343, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 344, + "pgh_context": null, + "id": 344, + "created": "2021-11-05T10:43:07.888Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.559Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.885Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 344, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 345, + "pgh_context": null, + "id": 345, + "created": "2021-11-05T10:43:08.144Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.406Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.140Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 345, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 346, + "pgh_context": null, + "id": 346, + "created": "2021-11-05T10:43:08.440Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:08.437Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 346, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 347, + "pgh_context": null, + "id": 347, + "created": "2021-11-05T10:43:08.906Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.360Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": null, + "name": "Research and Development", + "description": null, + "critical_product": false, + "key_product": false + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2021-11-04T09:27:38.846Z", + "name": "Commerce", + "description": null, + "critical_product": true, + "key_product": false + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": "2021-11-04T09:27:51.762Z", + "name": "Billing", + "description": null, + "critical_product": false, + "key_product": true + } +}, +{ + "model": "dojo.productevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": "2025-01-17T16:52:28.298Z", + "name": "BodgeIt", + "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "product_manager" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 5, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "internal", + "user_records": 1000000000, + "revenue": "1000.00", + "external_audience": true, + "internet_accessible": true, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.productevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2025-01-17T16:52:28.346Z", + "name": "Internal CRM App", + "description": "* New product in development that attempts to follow all best practices", + "product_manager": [ + "product_manager" + ], + "technical_contact": [ + "product_manager" + ], + "team_manager": [ + "user2" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 51, + "business_criticality": "medium", + "platform": "web", + "lifecycle": "construction", + "origin": "internal", + "user_records": null, + "revenue": null, + "external_audience": false, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.productevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": "2025-02-06T22:39:22.655Z", + "name": "Apple Accounting Software", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "user2" + ], + "prod_type": 3, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 100, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "purchased", + "user_records": 5000, + "revenue": null, + "external_audience": true, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.testevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "engagement": 2, + "lead": [ + "product_manager" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-03-21T01:00:00Z", + "target_end": "2021-03-22T01:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:01:30.563Z", + "created": "2021-11-04T09:01:30.563Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:03:25.139Z", + "created": "2021-11-04T09:03:25.139Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "engagement": 6, + "lead": [ + "admin" + ], + "test_type": 21, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2022-01-19T00:00:00Z", + "target_end": "2022-01-24T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:26:34.003Z", + "created": "2021-11-04T09:25:46.327Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "engagement": 7, + "lead": null, + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T09:36:15.180Z", + "target_end": "2021-11-04T09:36:15.180Z", + "percent_complete": null, + "environment": null, + "updated": "2021-11-04T09:36:15.180Z", + "created": "2021-11-04T09:36:15.180Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 20, + "pgh_context": null, + "id": 20, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:09.101Z", + "created": "2021-11-04T09:43:09.101Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 21, + "pgh_context": null, + "id": 21, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 19, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 2, + "updated": "2021-11-04T09:43:23.410Z", + "created": "2021-11-04T09:43:23.410Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 22, + "pgh_context": null, + "id": 22, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:41.711Z", + "created": "2021-11-04T09:43:41.711Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 23, + "pgh_context": null, + "id": 23, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 11, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:44:01.815Z", + "created": "2021-11-04T09:44:01.815Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 25, + "pgh_context": null, + "id": 25, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:44:35.814Z", + "created": "2021-11-05T06:44:35.814Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 26, + "pgh_context": null, + "id": 26, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 28, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:46:06.450Z", + "created": "2021-11-05T06:46:06.450Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 28, + "pgh_context": null, + "id": 28, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:47:17.517Z", + "created": "2021-11-05T06:47:17.518Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 29, + "pgh_context": null, + "id": 29, + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 29, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-05T06:54:23.989Z", + "created": "2021-11-05T06:54:23.989Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 30, + "pgh_context": null, + "id": 30, + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 5, + "updated": "2021-11-05T06:54:35.499Z", + "created": "2021-11-05T06:54:35.499Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 31, + "pgh_context": null, + "id": 31, + "engagement": 12, + "lead": [ + "admin" + ], + "test_type": 30, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T07:07:18.034Z", + "created": "2021-11-05T07:07:18.034Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 32, + "pgh_context": null, + "id": 32, + "engagement": 13, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T10:43:05.485Z", + "created": "2021-11-05T10:43:05.485Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.risk_acceptanceevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "name": "Simple Builtin Risk Acceptance", + "recommendation": "F", + "recommendation_details": null, + "decision": "A", + "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.", + "accepted_by": null, + "path": "", + "owner": [ + "admin" + ], + "expiration_date": null, + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2024-01-29T15:35:18.089Z", + "updated": "2024-01-29T15:35:18.089Z" + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "title": "XSS template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "XSS test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "title": "SQLi template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "SQLi test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "title": "CSRF template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "MEDIUM", + "description": "CSRF test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.locationevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.735Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": "2026-01-26T15:45:41.735Z", + "updated": "2026-01-26T15:45:41.735Z", + "location_type": "url", + "location_value": "ssh://127.0.0.1" + } +}, +{ + "model": "dojo.locationevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.756Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": "2026-01-26T15:45:41.756Z", + "updated": "2026-01-26T15:45:41.756Z", + "location_type": "url", + "location_value": "127.0.0.1" + } +}, +{ + "model": "dojo.locationevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.767Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": "2026-01-26T15:45:41.767Z", + "updated": "2026-01-26T15:45:41.767Z", + "location_type": "url", + "location_value": "ftp://localhost/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.777Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": "2026-01-26T15:45:41.777Z", + "updated": "2026-01-26T15:45:41.777Z", + "location_type": "url", + "location_value": "http://localhost:8888/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.787Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "created": "2026-01-26T15:45:41.787Z", + "updated": "2026-01-26T15:45:41.787Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.797Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": "2026-01-26T15:45:41.797Z", + "updated": "2026-01-26T15:45:41.797Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/about.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.807Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": "2026-01-26T15:45:41.807Z", + "updated": "2026-01-26T15:45:41.807Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/admin.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.818Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2026-01-26T15:45:41.818Z", + "updated": "2026-01-26T15:45:41.818Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/advanced.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.828Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "created": "2026-01-26T15:45:41.828Z", + "updated": "2026-01-26T15:45:41.828Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/basket.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.838Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2026-01-26T15:45:41.838Z", + "updated": "2026-01-26T15:45:41.838Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/contact.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.849Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2026-01-26T15:45:41.850Z", + "updated": "2026-01-26T15:45:41.850Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/home.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.859Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2026-01-26T15:45:41.859Z", + "updated": "2026-01-26T15:45:41.859Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/login.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.870Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2026-01-26T15:45:41.870Z", + "updated": "2026-01-26T15:45:41.870Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/logout.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.880Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "created": "2026-01-26T15:45:41.880Z", + "updated": "2026-01-26T15:45:41.880Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/password.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.891Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "created": "2026-01-26T15:45:41.891Z", + "updated": "2026-01-26T15:45:41.891Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/product.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.901Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "created": "2026-01-26T15:45:41.902Z", + "updated": "2026-01-26T15:45:41.902Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/register.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.912Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "created": "2026-01-26T15:45:41.912Z", + "updated": "2026-01-26T15:45:41.912Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/score.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.922Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "created": "2026-01-26T15:45:41.922Z", + "updated": "2026-01-26T15:45:41.922Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/search.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.932Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "created": "2026-01-26T15:45:41.932Z", + "updated": "2026-01-26T15:45:41.932Z", + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/" + } +}, +{ + "model": "dojo.urlevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.735Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "location": 1, + "protocol": "ssh", + "user_info": "", + "host": "127.0.0.1", + "port": 22, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.756Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "location": 2, + "protocol": "", + "user_info": "", + "host": "127.0.0.1", + "port": null, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.767Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "location": 3, + "protocol": "ftp", + "user_info": "", + "host": "localhost", + "port": 21, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.777Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "location": 4, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.787Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "location": 5, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.797Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "location": 6, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/about.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.807Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "location": 7, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/admin.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.818Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "location": 8, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/advanced.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.828Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "location": 9, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/basket.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.838Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "location": 10, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/contact.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.849Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "location": 11, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/home.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.859Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "location": 12, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/login.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.870Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "location": 13, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/logout.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.880Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "location": 14, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/password.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.891Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "location": 15, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/product.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.901Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "location": 16, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/register.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.912Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "location": 17, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/score.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.922Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "location": 18, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/search.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.932Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "location": 19, + "protocol": "http", + "user_info": "", + "host": "127.0.0.1", + "port": 80, + "path": "endpoint/420/edit/", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "watson.searchentry", + "pk": 1, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 2, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 3, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 4, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 5, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 6, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 7, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 8, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 9, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 10, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 11, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 12, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "14", + "object_id_int": 14, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 13, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S4 None None None None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 14, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 15, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 16, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 17, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 18, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH None None S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 19, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "1", + "object_id_int": 1, + "title": "XSS template", + "description": "", + "content": "XSS template HIGH XSS test template None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 20, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 None None None None None None None None None None 2 None None Internal CRM App ", + "url": "/finding/2", + "meta_encoded": "{\"status\": \"Inactive, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 21, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 3 None None Internal CRM App ", + "url": "/finding/3", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 22, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888//bodgeit/", + "description": "", + "content": "http None localhost /bodgeit/ None None", + "url": "/endpoint/8", + "meta_encoded": "{\"product__name\": \"BodgeIt\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 23, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 24, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 25, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 26, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 27, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 28, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 29, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 30, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 31, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 32, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 33, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 34, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 35, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Engagement: April Monthly Engagement (Jun 30, 2021)", + "description": "", + "content": "April Monthly Engagement Requested by the team for regular manual checkup by the security team. None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 36, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up Tester Jester Bob Buster Peter Scramble high web production internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 37, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "4", + "object_id_int": 4, + "title": "Engagement: Static Scan (Nov 03, 2021)", + "description": "", + "content": "Static Scan Initial static scan for Bodgeit. v.1.2.0 None None Completed other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 38, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "15", + "object_id_int": 15, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 39, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 40, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 41, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 42, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 43, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 44, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 45, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 46, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 47, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 48, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 49, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 50, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 51, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 52, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 53, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 54, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 55, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 56, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 57, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 58, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 59, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 60, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 61, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 62, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 63, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 64, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 65, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "34", + "object_id_int": 34, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 66, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 67, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 68, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 69, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 70, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 71, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 72, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 73, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 74, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "43", + "object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 75, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 76, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 77, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 78, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 79, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 80, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 81, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 82, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 83, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 84, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 85, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 86, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 87, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "56", + "object_id_int": 56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 88, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "57", + "object_id_int": 57, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 89, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 90, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 91, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 92, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 93, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 94, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 95, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password In Connection String (home.jsp)", + "description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 96, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 97, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 98, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 99, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 100, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 101, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 102, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 103, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 104, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 105, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 106, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 107, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 108, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 109, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 110, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 111, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "80", + "object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 112, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 113, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 114, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 115, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 116, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 117, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 118, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 119, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 120, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 121, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 122, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 123, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 124, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 125, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 126, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 127, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 128, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 129, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 130, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 131, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 132, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 133, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 134, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 135, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 136, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 137, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 138, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 139, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 140, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 141, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 142, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 143, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 144, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 145, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 146, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 147, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 148, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 149, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 150, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 151, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 152, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 153, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 154, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 155, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 156, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 157, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 158, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 159, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 160, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 161, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 162, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 163, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 164, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 165, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 166, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 167, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 168, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "137", + "object_id_int": 137, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 169, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 170, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 171, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 172, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "140", + "object_id_int": 140, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 173, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 174, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 175, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 176, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 177, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 178, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 179, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 180, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 181, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 182, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 183, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 184, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 185, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 186, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 187, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 188, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 189, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 190, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 191, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 192, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 193, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 194, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 195, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 196, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 197, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 198, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 199, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 200, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 201, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 202, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 203, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 204, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 205, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 206, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "174", + "object_id_int": 174, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 207, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 208, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 209, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 210, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "178", + "object_id_int": 178, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 211, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 212, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 213, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 214, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 215, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 216, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 217, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 218, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 219, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 220, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 221, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 222, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 223, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 224, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 225, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 226, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 227, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 228, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password In Connection String (home.jsp)", + "description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 229, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 230, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 231, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 232, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 233, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 234, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 235, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 236, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 237, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 238, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 239, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 240, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "208", + "object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 241, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "209", + "object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 242, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 243, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 244, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "212", + "object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 245, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 246, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 247, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 248, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 249, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 250, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 251, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 252, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 253, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "221", + "object_id_int": 221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 254, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 255, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 256, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "224", + "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 257, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 258, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 259, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 260, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 261, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 262, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 263, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 264, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 265, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 266, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 267, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 268, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 269, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 270, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 271, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 272, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 273, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 274, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "242", + "object_id_int": 242, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 275, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 276, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 277, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 278, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 279, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 280, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 281, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 282, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 283, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 284, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 285, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 286, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 287, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 288, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 289, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 290, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 291, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 292, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 293, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 294, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 295, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 296, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 297, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 298, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 299, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 300, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 301, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 302, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 303, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 304, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 305, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 306, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "274", + "object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 307, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 308, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 309, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 310, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 311, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Tomcat | BodgeIt", + "description": "", + "content": "Tomcat 8.5.1 None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 312, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 313, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 314, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "6", + "object_id_int": 6, + "title": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", + "description": "", + "content": "Quarterly PCI Scan Reccuring Quarterly Scan None None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 315, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "18", + "object_id_int": 18, + "title": "Qualys Scan (Jan 19, 2022)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 316, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices Bob Builder Tester Jester None medium web construction internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 317, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", + "description": "", + "content": "Ad Hoc Engagement None None None None None threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 318, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Pen Test (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 319, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "279", + "object_id_int": 279, + "title": "test", + "description": "", + "content": "test No url given Info asdf adf asdf No references given S4 None None None None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 320, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 321, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "8", + "object_id_int": 8, + "title": "Engagement: Initial Assessment (Dec 20, 2021)", + "description": "", + "content": "Initial Assessment This application needs to be assesed to determine the security posture. 10.2.1 None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 322, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "20", + "object_id_int": 20, + "title": "API Test (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 323, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Nmap Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 324, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Dependency Check Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 325, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "23", + "object_id_int": 23, + "title": "ZAP Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 326, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 327, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 328, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Engagement: Multiple scanners (Nov 04, 2021)", + "description": "", + "content": "Multiple scanners Example engagement with multiple scan types. 1.2.1 None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 329, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Dependency Check Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 330, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "280", + "object_id_int": 280, + "title": "notepad++.exe | CVE-2007-2666", + "description": "", + "content": "notepad++.exe | CVE-2007-2666 None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None None None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 331, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "281", + "object_id_int": 281, + "title": "notepad++.exe | CVE-2008-3436", + "description": "", + "content": "notepad++.exe | CVE-2008-3436 None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None None None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 332, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "26", + "object_id_int": 26, + "title": "VCG Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 333, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 334, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 335, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 336, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 337, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 338, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 339, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 340, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 341, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 342, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 343, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 344, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 345, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 346, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 347, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 348, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 349, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 350, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 351, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 352, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 353, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 354, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "4", + "object_id_int": 4, + "title": "http://localhost:8888/bodgeit/login.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/login.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 355, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "5", + "object_id_int": 5, + "title": "127.0.0.1", + "description": "", + "content": "None 127.0.0.1 None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 356, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "6", + "object_id_int": 6, + "title": "http://localhost:8888/bodgeit/register.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/register.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 357, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "7", + "object_id_int": 7, + "title": "http://localhost:8888/bodgeit/password.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/password.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 358, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 359, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888/bodgeit/", + "description": "", + "content": "http localhost:8888 None /bodgeit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 360, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "9", + "object_id_int": 9, + "title": "http://localhost:8888/bodgeit/basket.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/basket.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 361, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "10", + "object_id_int": 10, + "title": "http://localhost:8888/bodgeit/advanced.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/advanced.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 362, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "11", + "object_id_int": 11, + "title": "http://localhost:8888/bodgeit/admin.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/admin.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 363, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "12", + "object_id_int": 12, + "title": "http://localhost:8888/bodgeit/about.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/about.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 364, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "13", + "object_id_int": 13, + "title": "http://localhost:8888/bodgeit/contact.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/contact.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 365, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "14", + "object_id_int": 14, + "title": "http://localhost:8888/bodgeit/home.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/home.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 366, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "15", + "object_id_int": 15, + "title": "http://localhost:8888/bodgeit/product.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/product.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 367, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "16", + "object_id_int": 16, + "title": "http://localhost:8888/bodgeit/score.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/score.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 368, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "17", + "object_id_int": 17, + "title": "http://localhost:8888/bodgeit/search.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/search.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 369, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "18", + "object_id_int": 18, + "title": "http://localhost:8888/", + "description": "", + "content": "http localhost:8888 None / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 370, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "19", + "object_id_int": 19, + "title": "http://localhost:8888/bodgeit/logout.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/logout.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 371, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 372, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 373, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 374, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 375, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 376, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 377, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 378, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 379, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Engagement: Manual PenTest (Dec 30, 2021)", + "description": "", + "content": "Manual PenTest Please do a manual pentest before our next release to prod. 1.9.1 None None Blocked other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 380, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Manual Code Review (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 381, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Pen Test (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 382, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", + "description": "", + "content": "CI/CD Baseline Security Test 1.1.2 None https://github.com/psiinon/bodgeit None Completed other none none CI/CD 89 b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6 master https://github.com/psiinon/bodgeit", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 383, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Gosec Scanner (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 384, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "310", + "object_id_int": 310, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 385, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "311", + "object_id_int": 311, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 386, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 387, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 388, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL string formatting-G201", + "description": "", + "content": "SQL string formatting-G201 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None None None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 389, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 390, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 391, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "317", + "object_id_int": 317, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 392, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 393, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 394, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "320", + "object_id_int": 320, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 395, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 396, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 397, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None None None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 398, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "324", + "object_id_int": 324, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 399, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "325", + "object_id_int": 325, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 400, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 401, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 402, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 403, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 404, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 405, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None None None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 406, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 407, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "333", + "object_id_int": 333, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 408, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 409, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 410, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 411, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "337", + "object_id_int": 337, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None None None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 412, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "1", + "object_id_int": 1, + "title": "http://127.0.0.1/endpoint/420/edit/", + "description": "", + "content": "http 127.0.0.1 example.com /endpoint/420/edit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 413, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "2", + "object_id_int": 2, + "title": "ftp://localhost/", + "description": "", + "content": "ftp localhost www.example.com / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 414, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "3", + "object_id_int": 3, + "title": "ssh:127.0.0.1", + "description": "", + "content": "ssh 127.0.0.1 www.example.com None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 415, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", + "description": "", + "content": "1st Quarter Engagement test Engagement None None None None In Progress threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 416, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Engagement: weekly engagement (Jun 21, 2021)", + "description": "", + "content": "weekly engagement test Engagement None None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 417, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "3", + "object_id_int": 3, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 418, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "13", + "object_id_int": 13, + "title": "API Test (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 419, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", + "description": "", + "content": "AdHoc Import - Fri, 17 Aug 2018 18:20:55 None None None None None In Progress threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 420, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 421, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 422, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 423, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 424, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 425, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 426, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 427, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 428, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 429, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 430, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 431, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 5 None None Internal CRM App 222", + "url": "/finding/5", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"222\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 432, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 4 None None Internal CRM App ", + "url": "/finding/4", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 433, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 6 None None Internal CRM App 333", + "url": "/finding/6", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"333\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 434, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Dummy Finding", + "description": "", + "content": "Dummy Finding None None http://www.example.com High TEST finding MITIGATION HIGH None None S1 None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 None None None None None None None None None None 7 http://www.example.com None Internal CRM App ", + "url": "/finding/7", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 435, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 309 None None BodgeIt ", + "url": "/finding/309", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 436, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 347 None None BodgeIt ", + "url": "/finding/347", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 437, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", + "url": "/finding/302", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 438, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", + "url": "/finding/340", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 439, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 345 None None BodgeIt ", + "url": "/finding/345", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 440, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 307 None None BodgeIt ", + "url": "/finding/307", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 441, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "280", + "object_id_int": 280, + "title": "Notepad++.exe | CVE-2007-2666", + "description": "", + "content": "Notepad++.exe | CVE-2007-2666 None None None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe None None None None None None None None None None 280 None None BodgeIt ", + "url": "/finding/280", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 442, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "281", + "object_id_int": 281, + "title": "Notepad++.exe | CVE-2008-3436", + "description": "", + "content": "Notepad++.exe | CVE-2008-3436 None None None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe None None None None None None None None None None 281 None None BodgeIt ", + "url": "/finding/281", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 443, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", + "url": "/finding/145", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 444, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", + "url": "/finding/13", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 445, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices medium web construction internal 2 Commerce", + "url": "/product/2", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 446, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/60", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 447, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/192", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 448, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 449, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", + "url": "/finding/65", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 450, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", + "url": "/finding/197", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 451, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", + "url": "/finding/217", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 452, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", + "url": "/finding/85", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 453, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", + "url": "/finding/278", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 454, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", + "url": "/finding/45", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 455, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", + "url": "/finding/177", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 456, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", + "url": "/finding/18", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 457, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", + "url": "/finding/150", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 458, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", + "url": "/finding/8", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 459, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "140", + "object_id_int": 140, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", + "url": "/finding/140", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 460, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", + "url": "/finding/51", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 461, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", + "url": "/finding/183", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 462, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", + "url": "/finding/151", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 463, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", + "url": "/finding/19", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 464, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", + "url": "/finding/258", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 465, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", + "url": "/finding/126", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 466, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", + "url": "/finding/90", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 467, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", + "url": "/finding/222", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 468, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", + "url": "/finding/63", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 469, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", + "url": "/finding/195", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 470, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 471, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", + "url": "/finding/131", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 472, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", + "url": "/finding/234", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 473, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", + "url": "/finding/102", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 474, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", + "url": "/finding/189", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 475, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "57", + "object_id_int": 57, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", + "url": "/finding/57", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 476, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 288 None None BodgeIt ", + "url": "/finding/288", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 477, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 283 None None BodgeIt ", + "url": "/finding/283", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 478, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 315 N/A None BodgeIt ", + "url": "/finding/315", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 479, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up high web production internal 1 Commerce", + "url": "/product/1", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 480, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 329 N/A None BodgeIt ", + "url": "/finding/329", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 481, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 330 N/A None BodgeIt ", + "url": "/finding/330", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 482, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 342 None None BodgeIt ", + "url": "/finding/342", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 483, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 304 None None BodgeIt ", + "url": "/finding/304", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 484, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL String Formatting-G201", + "description": "", + "content": "SQL String Formatting-G201 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go None None None None None None None None None None 314 N/A None BodgeIt ", + "url": "/finding/314", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 485, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 328 N/A None BodgeIt ", + "url": "/finding/328", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 486, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 319 N/A None BodgeIt ", + "url": "/finding/319", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 487, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 318 N/A None BodgeIt ", + "url": "/finding/318", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 488, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "333", + "object_id_int": 333, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 333 N/A None BodgeIt ", + "url": "/finding/333", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 489, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "337", + "object_id_int": 337, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 337 N/A None BodgeIt ", + "url": "/finding/337", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 490, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "310", + "object_id_int": 310, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 310 N/A None BodgeIt ", + "url": "/finding/310", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 491, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "325", + "object_id_int": 325, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 325 N/A None BodgeIt ", + "url": "/finding/325", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 492, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "311", + "object_id_int": 311, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 311 N/A None BodgeIt ", + "url": "/finding/311", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 493, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "324", + "object_id_int": 324, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 324 N/A None BodgeIt ", + "url": "/finding/324", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 494, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", + "url": "/finding/101", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 495, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", + "url": "/finding/233", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 496, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/134", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 497, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/266", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 498, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", + "url": "/finding/170", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 499, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", + "url": "/finding/38", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 500, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", + "url": "/finding/15", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 501, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", + "url": "/finding/147", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 502, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", + "url": "/finding/223", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 503, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", + "url": "/finding/91", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 504, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", + "url": "/finding/82", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 505, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", + "url": "/finding/214", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 506, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", + "url": "/finding/96", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 507, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", + "url": "/finding/228", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 508, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", + "url": "/finding/152", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 509, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", + "url": "/finding/20", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 510, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", + "url": "/finding/207", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 511, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", + "url": "/finding/75", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 512, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", + "url": "/finding/179", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 513, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", + "url": "/finding/47", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 514, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", + "url": "/finding/165", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 515, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", + "url": "/finding/33", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 516, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", + "url": "/finding/52", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 517, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", + "url": "/finding/184", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 518, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", + "url": "/finding/138", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 519, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", + "url": "/finding/270", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 520, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", + "url": "/finding/272", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 521, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", + "url": "/finding/77", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 522, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "209", + "object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", + "url": "/finding/209", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 523, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", + "url": "/finding/175", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 524, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "43", + "object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", + "url": "/finding/43", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 525, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", + "url": "/finding/141", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 526, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", + "url": "/finding/9", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 527, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", + "url": "/finding/199", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 528, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", + "url": "/finding/67", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 529, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", + "url": "/finding/187", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 530, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", + "url": "/finding/55", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 531, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", + "url": "/finding/62", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 532, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", + "url": "/finding/194", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 533, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", + "url": "/finding/200", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 534, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", + "url": "/finding/68", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 535, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", + "url": "/finding/110", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 536, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "242", + "object_id_int": 242, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", + "url": "/finding/242", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 537, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", + "url": "/finding/117", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 538, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", + "url": "/finding/249", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 539, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", + "url": "/finding/50", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 540, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", + "url": "/finding/182", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 541, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", + "url": "/finding/40", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 542, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", + "url": "/finding/172", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 543, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", + "url": "/finding/173", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 544, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", + "url": "/finding/41", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 545, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", + "url": "/finding/24", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 546, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", + "url": "/finding/156", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 547, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", + "url": "/finding/59", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 548, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", + "url": "/finding/191", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 549, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", + "url": "/finding/248", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 550, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", + "url": "/finding/116", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 551, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "34", + "object_id_int": 34, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", + "url": "/finding/34", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 552, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", + "url": "/finding/166", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 553, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", + "url": "/finding/148", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 554, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", + "url": "/finding/16", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 555, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", + "url": "/finding/81", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 556, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", + "url": "/finding/213", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 557, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", + "url": "/finding/265", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 558, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", + "url": "/finding/133", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 559, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", + "url": "/finding/54", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 560, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", + "url": "/finding/186", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 561, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", + "url": "/finding/26", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 562, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", + "url": "/finding/158", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 563, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", + "url": "/finding/92", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 564, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "224", + "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", + "url": "/finding/224", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 565, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", + "url": "/finding/193", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 566, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", + "url": "/finding/61", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 567, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", + "url": "/finding/259", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 568, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", + "url": "/finding/127", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 569, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", + "url": "/finding/14", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 570, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", + "url": "/finding/146", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 571, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", + "url": "/finding/98", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 572, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", + "url": "/finding/230", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 573, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", + "url": "/finding/167", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 574, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", + "url": "/finding/35", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 575, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "56", + "object_id_int": 56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", + "url": "/finding/56", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 576, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", + "url": "/finding/188", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 577, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", + "url": "/finding/247", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 578, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", + "url": "/finding/115", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 579, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", + "url": "/finding/28", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 580, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", + "url": "/finding/160", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 581, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "274", + "object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", + "url": "/finding/274", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 582, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", + "url": "/finding/159", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 583, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", + "url": "/finding/27", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 584, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", + "url": "/finding/206", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 585, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", + "url": "/finding/74", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 586, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", + "url": "/finding/99", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 587, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", + "url": "/finding/231", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 588, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", + "url": "/finding/88", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 589, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", + "url": "/finding/220", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 590, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", + "url": "/finding/257", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 591, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", + "url": "/finding/125", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 592, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 593, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", + "url": "/finding/83", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 594, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", + "url": "/finding/215", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 595, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", + "url": "/finding/269", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 596, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "137", + "object_id_int": 137, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", + "url": "/finding/137", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 597, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go None None None None None None None None None None 323 N/A None BodgeIt ", + "url": "/finding/323", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 598, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 332 N/A None BodgeIt ", + "url": "/finding/332", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 599, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 321 N/A None BodgeIt ", + "url": "/finding/321", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 600, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", + "url": "/finding/326", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 601, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 327 N/A None BodgeIt ", + "url": "/finding/327", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 602, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "317", + "object_id_int": 317, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 317 N/A None BodgeIt ", + "url": "/finding/317", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 603, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 313 N/A None BodgeIt ", + "url": "/finding/313", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 604, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "320", + "object_id_int": 320, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 320 N/A None BodgeIt ", + "url": "/finding/320", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 605, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 312 N/A None BodgeIt ", + "url": "/finding/312", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 606, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 316 N/A None BodgeIt ", + "url": "/finding/316", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 607, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go None None None None None None None None None None 331 N/A None BodgeIt ", + "url": "/finding/331", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 608, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 336 N/A None BodgeIt ", + "url": "/finding/336", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 609, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 322 N/A None BodgeIt ", + "url": "/finding/322", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 610, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 335 N/A None BodgeIt ", + "url": "/finding/335", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 611, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 334 N/A None BodgeIt ", + "url": "/finding/334", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 612, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 300 None None BodgeIt ", + "url": "/finding/300", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 613, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 338 None None BodgeIt ", + "url": "/finding/338", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 614, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 284 None None BodgeIt ", + "url": "/finding/284", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 615, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 295 None None BodgeIt ", + "url": "/finding/295", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 616, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 292 None None BodgeIt ", + "url": "/finding/292", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 617, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted Communications", + "description": "", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 303 None None BodgeIt ", + "url": "/finding/303", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 618, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted Communications", + "description": "", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 341 None None BodgeIt ", + "url": "/finding/341", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 619, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", + "url": "/finding/229", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 620, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", + "url": "/finding/97", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 621, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", + "url": "/finding/79", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 622, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", + "url": "/finding/211", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 623, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", + "url": "/finding/157", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 624, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", + "url": "/finding/25", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 625, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", + "url": "/finding/240", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 626, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", + "url": "/finding/108", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 627, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "80", + "object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", + "url": "/finding/80", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 628, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "212", + "object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", + "url": "/finding/212", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 629, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", + "url": "/finding/149", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 630, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", + "url": "/finding/17", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 631, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/22", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 632, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/154", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 633, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "178", + "object_id_int": 178, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", + "url": "/finding/178", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 634, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", + "url": "/finding/46", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 635, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", + "url": "/finding/267", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 636, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", + "url": "/finding/135", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 637, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", + "url": "/finding/190", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 638, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", + "url": "/finding/58", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 639, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", + "url": "/finding/71", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 640, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", + "url": "/finding/203", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 641, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", + "url": "/finding/64", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 642, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", + "url": "/finding/196", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 643, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", + "url": "/finding/53", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 644, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", + "url": "/finding/185", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 645, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", + "url": "/finding/123", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 646, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", + "url": "/finding/255", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 647, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", + "url": "/finding/31", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 648, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", + "url": "/finding/163", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 649, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", + "url": "/finding/42", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 650, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "174", + "object_id_int": 174, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", + "url": "/finding/174", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 651, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", + "url": "/finding/120", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 652, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", + "url": "/finding/252", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 653, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", + "url": "/finding/244", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 654, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", + "url": "/finding/112", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 655, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", + "url": "/finding/204", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 656, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", + "url": "/finding/72", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 657, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", + "url": "/finding/273", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 658, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", + "url": "/finding/201", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 659, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", + "url": "/finding/69", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 660, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", + "url": "/finding/119", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 661, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", + "url": "/finding/251", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 662, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", + "url": "/finding/237", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 663, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", + "url": "/finding/105", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 664, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", + "url": "/finding/95", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 665, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", + "url": "/finding/227", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 666, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", + "url": "/finding/250", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 667, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", + "url": "/finding/118", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 668, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", + "url": "/finding/32", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 669, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", + "url": "/finding/164", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 670, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", + "url": "/finding/198", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 671, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", + "url": "/finding/66", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 672, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", + "url": "/finding/271", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 673, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", + "url": "/finding/139", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 674, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", + "url": "/finding/246", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 675, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", + "url": "/finding/114", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 676, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", + "url": "/finding/104", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 677, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", + "url": "/finding/236", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 678, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", + "url": "/finding/36", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 679, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", + "url": "/finding/168", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 680, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", + "url": "/finding/106", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 681, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", + "url": "/finding/238", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 682, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", + "url": "/finding/245", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 683, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", + "url": "/finding/132", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 684, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", + "url": "/finding/210", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 685, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", + "url": "/finding/113", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 686, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", + "url": "/finding/78", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 687, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", + "url": "/finding/264", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 688, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", + "url": "/finding/275", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 689, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", + "url": "/finding/144", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 690, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", + "url": "/finding/12", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 691, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", + "url": "/finding/76", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 692, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "208", + "object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", + "url": "/finding/208", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 693, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", + "url": "/finding/253", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 694, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", + "url": "/finding/121", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 695, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", + "url": "/finding/122", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 696, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", + "url": "/finding/254", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 697, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", + "url": "/finding/232", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 698, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", + "url": "/finding/100", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 699, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", + "url": "/finding/93", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 700, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", + "url": "/finding/225", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 701, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", + "url": "/finding/143", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 702, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", + "url": "/finding/11", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 703, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", + "url": "/finding/29", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 704, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", + "url": "/finding/161", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 705, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", + "url": "/finding/235", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 706, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", + "url": "/finding/103", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 707, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", + "url": "/finding/49", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 708, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", + "url": "/finding/181", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 709, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", + "url": "/finding/129", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 710, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", + "url": "/finding/261", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 711, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", + "url": "/finding/176", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 712, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", + "url": "/finding/44", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 713, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", + "url": "/finding/256", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 714, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", + "url": "/finding/124", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 715, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", + "url": "/finding/136", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 716, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", + "url": "/finding/268", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 717, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", + "url": "/finding/94", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 718, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", + "url": "/finding/226", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 719, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", + "url": "/finding/219", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 720, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", + "url": "/finding/87", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 721, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", + "url": "/finding/107", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 722, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", + "url": "/finding/239", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 723, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", + "url": "/finding/84", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 724, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", + "url": "/finding/142", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 725, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", + "url": "/finding/216", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 726, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", + "url": "/finding/10", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 727, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", + "url": "/finding/153", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 728, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", + "url": "/finding/21", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 729, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", + "url": "/finding/180", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 730, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", + "url": "/finding/48", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 731, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", + "url": "/finding/70", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 732, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", + "url": "/finding/202", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 733, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", + "url": "/finding/130", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 734, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 735, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", + "url": "/finding/30", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 736, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", + "url": "/finding/162", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 737, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", + "url": "/finding/109", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 738, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", + "url": "/finding/241", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 739, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "221", + "object_id_int": 221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", + "url": "/finding/221", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 740, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", + "url": "/finding/89", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 741, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", + "url": "/finding/218", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 742, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", + "url": "/finding/86", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 743, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", + "url": "/finding/37", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 744, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", + "url": "/finding/169", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 745, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", + "url": "/finding/128", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 746, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", + "url": "/finding/260", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 747, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", + "url": "/finding/23", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 748, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", + "url": "/finding/155", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 749, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", + "url": "/finding/205", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 750, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", + "url": "/finding/73", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 751, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", + "url": "/finding/171", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 752, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", + "url": "/finding/39", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 753, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", + "url": "/finding/243", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 754, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", + "url": "/finding/111", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 755, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 282 None None BodgeIt ", + "url": "/finding/282", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 756, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 299 None None BodgeIt ", + "url": "/finding/299", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 757, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 298 None None BodgeIt ", + "url": "/finding/298", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 758, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 294 None None BodgeIt ", + "url": "/finding/294", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 759, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 293 None None BodgeIt ", + "url": "/finding/293", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 760, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 291 None None BodgeIt ", + "url": "/finding/291", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 761, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 290 None None BodgeIt ", + "url": "/finding/290", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 762, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 289 None None BodgeIt ", + "url": "/finding/289", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 763, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 287 None None BodgeIt ", + "url": "/finding/287", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 764, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 286 None None BodgeIt ", + "url": "/finding/286", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 765, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 297 None None BodgeIt ", + "url": "/finding/297", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 766, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 285 None None BodgeIt ", + "url": "/finding/285", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 767, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 296 None None BodgeIt ", + "url": "/finding/296", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 768, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 306 None None BodgeIt ", + "url": "/finding/306", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 769, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 344 None None BodgeIt ", + "url": "/finding/344", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 770, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 343 None None BodgeIt ", + "url": "/finding/343", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 771, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 305 None None BodgeIt ", + "url": "/finding/305", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 772, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 773, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 339 None None BodgeIt ", + "url": "/finding/339", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 774, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 308 None None BodgeIt ", + "url": "/finding/308", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 775, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 346 None None BodgeIt ", + "url": "/finding/346", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 776, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "279", + "object_id_int": 279, + "title": "Test", + "description": "", + "content": "Test None None No url given Info asdf adf asdf No references given S4 None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None None None None None None None None None None None 279 No url given None Internal CRM App ", + "url": "/finding/279", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 777, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers high web production purchased 3 Billing", + "url": "/product/3", + "meta_encoded": "{\"prod_type__name\": \"Billing\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 778, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "1", + "object_id_int": 1, + "title": "ssh://127.0.0.1", + "description": "", + "content": "url ssh://127.0.0.1", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 779, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "2", + "object_id_int": 2, + "title": "127.0.0.1", + "description": "", + "content": "url 127.0.0.1", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 780, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "3", + "object_id_int": 3, + "title": "ftp://localhost/", + "description": "", + "content": "url ftp://localhost/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 781, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "4", + "object_id_int": 4, + "title": "http://localhost:8888/", + "description": "", + "content": "url http://localhost:8888/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 782, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "5", + "object_id_int": 5, + "title": "http://localhost:8888/bodgeit/", + "description": "", + "content": "url http://localhost:8888/bodgeit/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 783, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "6", + "object_id_int": 6, + "title": "http://localhost:8888/bodgeit/about.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/about.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 784, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "7", + "object_id_int": 7, + "title": "http://localhost:8888/bodgeit/admin.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 785, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888/bodgeit/advanced.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 786, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "9", + "object_id_int": 9, + "title": "http://localhost:8888/bodgeit/basket.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 787, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "10", + "object_id_int": 10, + "title": "http://localhost:8888/bodgeit/contact.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 788, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "11", + "object_id_int": 11, + "title": "http://localhost:8888/bodgeit/home.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 789, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "12", + "object_id_int": 12, + "title": "http://localhost:8888/bodgeit/login.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 790, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "13", + "object_id_int": 13, + "title": "http://localhost:8888/bodgeit/logout.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 791, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "14", + "object_id_int": 14, + "title": "http://localhost:8888/bodgeit/password.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 792, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "15", + "object_id_int": 15, + "title": "http://localhost:8888/bodgeit/product.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 793, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "16", + "object_id_int": 16, + "title": "http://localhost:8888/bodgeit/register.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 794, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "17", + "object_id_int": 17, + "title": "http://localhost:8888/bodgeit/score.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 795, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "18", + "object_id_int": 18, + "title": "http://localhost:8888/bodgeit/search.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 796, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "19", + "object_id_int": 19, + "title": "http://127.0.0.1/endpoint/420/edit/", + "description": "", + "content": "url http://127.0.0.1/endpoint/420/edit/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "authtoken.token", + "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", + "fields": { + "user": [ + "product_manager" + ], + "created": "2021-07-04T23:16:45.502Z" + } +}, +{ + "model": "authtoken.token", + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "fields": { + "user": [ + "admin" + ], + "created": "2021-07-04T23:16:45.506Z" + } +}, +{ + "model": "authtoken.token", + "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", + "fields": { + "user": [ + "user2" + ], + "created": "2021-07-04T23:16:45.509Z" + } +} +] diff --git a/dojo/fixtures/dojo_testdata_locations.json b/dojo/fixtures/dojo_testdata_locations.json new file mode 100644 index 00000000000..03c14889d08 --- /dev/null +++ b/dojo/fixtures/dojo_testdata_locations.json @@ -0,0 +1,3419 @@ +[ + { + "pk": 1, + "model": "auth.user", + "fields": { + "username": "admin", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": true, + "is_staff": true, + "last_login": "2018-04-17T06:00:43.171Z", + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$sT96yObJtsFk$F9YAJimsQqBXnff/QGLNTv100qhCNl/23hoBuNtSNZU=", + "email": "", + "date_joined": "2018-04-13T07:58:59.861Z" + } + }, + { + "pk": 2, + "model": "auth.user", + "fields": { + "username": "user1", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 3, + "model": "auth.user", + "fields": { + "username": "user2", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": "2018-04-16T06:50:51.300Z", + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", + "email": "", + "date_joined": "2018-04-13T07:59:59.989Z" + } + }, + { + "pk": 4, + "model": "auth.user", + "fields": { + "username": "user3", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 5, + "model": "auth.user", + "fields": { + "username": "user4", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 6, + "model": "auth.user", + "fields": { + "username": "user5", + "first_name": "User", + "last_name": "Five", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [ + 218, + 220, + 26, + 28 + ], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "user5@email.com", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", + "model": "sessions.session", + "fields": { + "expire_date": "2018-04-30T06:50:51.569Z", + "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==" + } + }, + { + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", + "model": "sessions.session", + "fields": { + "expire_date": "2018-05-01T06:00:43.175Z", + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=" + } + }, + { + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", + "model": "sessions.session", + "fields": { + "expire_date": "2018-04-27T07:59:39.760Z", + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=" + } + }, + { + "pk": 1, + "model": "sites.site", + "fields": { + "domain": "example.com", + "name": "example.com" + } + }, + { + "pk": 1, + "model": "admin.logentry", + "fields": { + "action_flag": 1, + "action_time": "2018-04-13T07:59:51.689Z", + "object_repr": "user1", + "object_id": "2", + "change_message": "[{\"added\": {}}]", + "user": 1, + "content_type": 3 + } + }, + { + "pk": 2, + "model": "admin.logentry", + "fields": { + "action_flag": 1, + "action_time": "2018-04-13T08:00:00.153Z", + "object_repr": "user2", + "object_id": "3", + "change_message": "[{\"added\": {}}]", + "user": 1, + "content_type": 3 + } + }, + { + "model": "auditlog.logentry", + "pk": 803, + "fields": { + "content_type": 28, + "object_pk": "1", + "object_id": 1, + "object_repr": "BodgeIt", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:54.921Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 804, + "fields": { + "content_type": 28, + "object_pk": "2", + "object_id": 2, + "object_repr": "Internal CRM App", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.044Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 805, + "fields": { + "content_type": 28, + "object_pk": "3", + "object_id": 3, + "object_repr": "Apple Accounting Software", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.071Z", + "additional_data": null + } + }, + { + "pk": 1, + "model": "dojo.system_settings", + "fields": { + "jira_labels": null, + "team_name": "", + "url_prefix": "", + "enable_slack_notifications": false, + "enable_mail_notifications": false, + "enable_webhooks_notifications": false, + "email_from": "no-reply@example.com", + "false_positive_history": false, + "msteams_url": "", + "slack_token": "", + "jira_minimum_severity": "Low", + "max_dupes": 1, + "slack_username": "", + "enable_msteams_notifications": false, + "enable_deduplication": true, + "delete_duplicates": false, + "slack_channel": "", + "mail_notifications_to": "", + "enable_jira": false, + "enable_product_grade": true, + "product_grade_a": 90, + "product_grade_b": 80, + "product_grade_c": 70, + "product_grade_d": 60, + "product_grade_f": 59 + } + }, + { + "pk": 1, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": "#admin", + "user": 1, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 2, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": null, + "user": 2, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 3, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": null, + "user": 3, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 1, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "books", + "key_product": true + } + }, + { + "pk": 2, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "ebooks", + "key_product": false + } + }, + { + "pk": 3, + "model": "dojo.product_type", + "fields": { + "critical_product": false, + "name": "podcast", + "key_product": true + } + }, + { + "pk": 1, + "model": "dojo.product_type_member", + "fields": { + "product_type": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.product_type_member", + "fields": { + "product_type": 1, + "user": 2, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.report_type", + "fields": { + "name": "Type 1", + "id": 1 + } + }, + { + "pk": 2, + "model": "dojo.report_type", + "fields": { + "name": "Type 2", + "id": 2 + } + }, + { + "pk": 3, + "model": "dojo.report_type", + "fields": { + "name": "Type 3", + "id": 3 + } + }, + { + "pk": 1, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": true, + "static_tool": false, + "name": "ZAP Scan" + } + }, + { + "pk": 2, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": false, + "static_tool": true, + "name": "BURP Scan" + } + }, + { + "pk": 3, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": true, + "static_tool": true, + "name": "NESSUS Scan" + } + }, + { + "pk": 120, + "model": "dojo.test_type", + "fields": { + "name": "Xanitizer Scan" + } + }, + { + "pk": 555, + "model": "dojo.test_type", + "fields": { + "name": "Veracode Scan" + } + }, + { + "pk": 999, + "model": "dojo.test_type", + "fields": { + "name": "Checkmarx Scan detailed" + } + }, + { + "pk": 1, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 1, + "name": "Python How-to", + "created": null, + "technical_contact": 3, + "product_manager": 1, + "team_manager": 2, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 2, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 2, + "name": "Security How-to", + "created": null, + "technical_contact": 2, + "product_manager": 2, + "team_manager": 3, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 3, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 3, + "name": "Security Podcast", + "created": null, + "technical_contact": 3, + "product_manager": 1, + "team_manager": 3, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 1, + "model": "dojo.product_member", + "fields": { + "product": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.product_member", + "fields": { + "product": 1, + "user": 2, + "role": 4 + } + }, + { + "pk": 4, + "model": "dojo.product_member", + "fields": { + "product": 2, + "user": 2, + "role": 4 + } + }, + { + "pk": 6, + "model": "dojo.product_member", + "fields": { + "product": 3, + "user": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.app_analysis", + "fields": { + "product": 1, + "name": "Tomcat", + "user": [ + "admin" + ], + "confidence": 100, + "version": "8.5.1", + "icon": null, + "website": null, + "website_found": null, + "created": "2018-08-16T16:58:23.908Z" + } + }, + { + "pk": 1, + "model": "dojo.notes", + "fields": { + "note_type": null, + "entry": "test note", + "date": "2020-07-14T13:13:46.172Z", + "author": 2, + "private": false, + "edited": false, + "editor": null, + "edit_time": "2020-07-14T13:13:46.172Z", + "history": [] + } + }, + { + "pk": 1, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 2, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "In Progress", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "1st Quarter Engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 2, + "model": "dojo.engagement", + "fields": { + "product": 1, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [ + 1 + ], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 3, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 2, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-04", + "name": "weekly engagement", + "check_list": true, + "target_start": "2018-04-03", + "api_test": true, + "deduplication_on_engagement": true, + "notes": [ + 1 + ] + } + }, + { + "pk": 4, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 5, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement2", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Accept: Qwegqer", + "recommendation": "A", + "recommendation_details": "Fix the issue", + "decision": "A", + "decision_details": "The issue is not that big of a deal", + "accepted_by": "Somebody", + "path": "", + "owner": 1, + "expiration_date": "2023-08-28T00:00:00Z", + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2023-03-01T22:12:43.829Z", + "updated": "2023-03-01T22:12:43.891Z", + "accepted_findings": [ + 226 + ], + "notes": [] + } + }, + { + "pk": 6, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement3", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 1, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/" + } + }, + { + "pk": 2, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ftp://localhost" + } + }, + { + "pk": 3, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ssh://127.0.0.1" + } + }, + { + "pk": 4, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ftp://foo.bar" + } + }, + { + "pk": 5, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://foo.bar" + } + }, + { + "pk": 6, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://bar.foo" + } + }, + { + "pk": 7, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "https://bar.foo" + } + }, + { + "pk": 8, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "https://bar.foo/f6" + } + }, + { + "pk": 1, + "model": "dojo.url", + "fields": { + "location": 1, + "protocol": "http", + "fragment": "", + "host": "127.0.0.1", + "query": "", + "path": "endpoint/420/edit/", + "port": 80, + "hash": "f28d3752e452cde3e00a3aaf885fe153037ae69d9726e6a0936ee7da3225c1ad" + } + }, + { + "pk": 2, + "model": "dojo.url", + "fields": { + "location": 2, + "protocol": "ftp", + "fragment": "", + "host": "localhost", + "query": "", + "path": "", + "port": 21, + "hash": "025d6b16f8cfba2d8e15e85deb81963a84d5dd3c700614f8e8fda87378cf58aa" + } + }, + { + "pk": 3, + "model": "dojo.url", + "fields": { + "location": 3, + "protocol": "ssh", + "fragment": "", + "host": "127.0.0.1", + "query": "", + "path": "", + "port": 22, + "hash": "03009c0636425af566fb6b737db82852812fe2969107ef299530a248f78c4761" + } + }, + { + "pk": 4, + "model": "dojo.url", + "fields": { + "location": 4, + "protocol": "ftp", + "fragment": "", + "host": "foo.bar", + "query": "", + "path": "", + "port": 21, + "hash": "3c82808602507ea78a48dc605d86476f5cc609f99d446d1a9c9539d5c7c10166" + } + }, + { + "pk": 5, + "model": "dojo.url", + "fields": { + "location": 5, + "protocol": "http", + "fragment": "", + "host": "foo.bar", + "query": "", + "path": "", + "port": 80, + "hash": "c1f60206ce7dac6202baec6f6251006e499113356869f605d0168f13e1d593ac" + } + }, + { + "pk": 6, + "model": "dojo.url", + "fields": { + "location": 6, + "protocol": "http", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "", + "port": 80, + "hash": "99e0dbdf63598bfa7c3310a6785638117134c44ac59a38785e9e81fece0878da" + } + }, + { + "pk": 7, + "model": "dojo.url", + "fields": { + "location": 7, + "protocol": "https", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "", + "port": 443, + "hash": "26259e2d4e77789a856808509ba2d9a50838bdc76d71f596a1bb346bbcb30332" + } + }, + { + "pk": 8, + "model": "dojo.url", + "fields": { + "location": 8, + "protocol": "https", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "f6", + "port": 443, + "hash": "4e5614106ea6ca9c15c3328731036b06ab32c45fb2ed013601350748e2d3ed85" + } + }, + { + "pk": 1, + "model": "dojo.locationfindingreference", + "fields": { + "location": 2, + "finding": 2, + "status": "Active" + } + }, + { + "pk": 2, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 227, + "status": "Mitigated" + } + }, + { + "pk": 3, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 228, + "status": "FalsePositive" + } + }, + { + "pk": 4, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 229, + "status": "OutOfScope" + } + }, + { + "pk": 5, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 230, + "status": "RiskAccepted" + } + }, + { + "pk": 6, + "model": "dojo.locationfindingreference", + "fields": { + "location": 6, + "finding": 227, + "status": "Mitigated" + } + }, + { + "pk": 7, + "model": "dojo.locationfindingreference", + "fields": { + "location": 7, + "finding": 227, + "status": "Active" + } + }, + { + "pk": 8, + "model": "dojo.locationfindingreference", + "fields": { + "location": 8, + "finding": 231, + "status": "Active" + } + }, + { + "pk": 1, + "model": "dojo.locationproductreference", + "fields": { + "location": 6, + "product": 1, + "status": "Active" + } + }, + { + "pk": 1, + "model": "dojo.development_environment", + "fields": { + "name": "Development" + } + }, + { + "pk": 3, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "engagement": 1, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 4, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "title": "My ZAP Scan", + "engagement": 4, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 33, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 120, + "engagement": 3, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 55, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 999, + "scan_type": "Checkmarx Scan detailed", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 66, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 999, + "scan_type": "Checkmarx Scan detailed", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 77, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 555, + "scan_type": "Veracode Scan", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 88, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 555, + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 13, + "model": "dojo.test", + "fields": { + "lead": 2, + "test_type": 1, + "engagement": 2, + "environment": 1, + "target_start": "2018-01-01T01:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2018-01-02T01:00:00Z" + } + }, + { + "pk": 14, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "engagement": 1, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [ + 1 + ], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 89, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "title": "Location mitigation tests", + "engagement": 2, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 2, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-21", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": true, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 3, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2021-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 4, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 5, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 6, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 7, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2017-12-31", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "DUMMY FINDING", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "MITIGATION", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": 1, + "file_path": "", + "duplicate_finding": null, + "description": "TEST finding", + "mitigated_by": null, + "reporter": 2, + "mitigated": null, + "active": false, + "line": 100, + "under_review": false, + "defect_review_requested_by": 2, + "review_requested_by": 2, + "thread_id": 1, + "url": "http://www.example.com", + "notes": [ + 1 + ], + "dynamic_finding": false, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "last_reviewed": null + } + }, + { + "pk": 22, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-21", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 23, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2021-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 22, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 24, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 22, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 124, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 12345, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 55, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 125, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 12345, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 55, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 224, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 6789, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "UID Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 77, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", + "last_reviewed": null + } + }, + { + "pk": 225, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 6789, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "UID Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 77, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 224, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", + "last_reviewed": null + } + }, + { + "model": "dojo.finding", + "pk": 226, + "fields": { + "title": "Test Location Mitigation - Finding F1 Without Locations", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": true, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "a6dd6bd359ff0b504a21b8a7ae5e59f1b40dd0fa1715728bd58de8f688f01b19", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:12:52.966Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 227, + "fields": { + "title": "Test Location Mitigation - Finding F2 With Many Locations", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "fde7dd425475851bd90a21e376eccbe753f84f94680c4394521a831846bd3aeb", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:23.760Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 228, + "fields": { + "title": "Test Location Mitigation - Finding F3 EPS False Positive", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "24cd769b8b4404d95b689902931317a614c3803bbd5b161e36076eaa6a08c672", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:49.275Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 229, + "fields": { + "title": "Test Location Mitigation - Finding F4 EPS Out of Scope", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "ab2a512956a76441ac537b0e78316709413be2599d37283caa7e20d92f8fa9fe", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:13.898Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 230, + "fields": { + "title": "Test Location Mitigation - Finding F5 EPS Risk Accepted", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "9a80eb44b140b5d11adaac4e478f3cb74c92625a42892ab8cba4fbba72e6d733", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:38.406Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 231, + "fields": { + "title": "Test Location Mitigation - Finding F6 Mitigated", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": true, + "mitigated": "2022-10-15T23:17:03.431Z", + "mitigated_by": 1, + "reporter": 1, + "numerical_severity": "S4", + "last_reviewed": "2022-10-15T23:17:03.431Z", + "last_reviewed_by": 1, + "hash_code": "6eb2b8bffe1ca07719a7249ef18403057a5bc0c834866b0a49d0f706bcec913e", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:15:34.814Z", + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "pk": 1, + "model": "dojo.burprawrequestresponse", + "fields": { + "finding": 7, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } + }, + { + "pk": 2, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 1", + "test": 3, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 3, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 2", + "test": 14, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 4, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 3", + "test": 13, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 1, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "XSS test template", + "title": "XSS template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "High" + } + }, + { + "pk": 2, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "SQLi test template", + "title": "SQLi template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "High" + } + }, + { + "pk": 3, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "CSRF test template", + "title": "CSRF template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "Medium" + } + }, + { + "pk": 2, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 2", + "url": "https://defectdojo.atlassian.net/", + "username": "[YOUR USERNAME]", + "password": "[YOUR API TOKEN]", + "default_issue_type": "Task", + "epic_name_id": 10011, + "open_status_key": 11, + "close_status_key": 41, + "info_mapping_severity": "Lowest", + "low_mapping_severity": "Low", + "medium_mapping_severity": "Medium", + "high_mapping_severity": "High", + "critical_mapping_severity": "Highest", + "finding_text": "", + "global_jira_sla_notification": false + } + }, + { + "pk": 3, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 3", + "username": "defect.dojo", + "default_issue_type": "Task", + "finding_text": "", + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "url": "http://www.testjira.com", + "medium_mapping_severity": "test severity", + "open_status_key": 222, + "close_status_key": 223, + "critical_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "password": "user2", + "epic_name_id": 222 + } + }, + { + "pk": 4, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 4", + "username": "defect.dojo", + "default_issue_type": "Spike", + "finding_text": "", + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "url": "http://www.testjira.com", + "medium_mapping_severity": "test severity", + "open_status_key": 333, + "close_status_key": 334, + "critical_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "password": "user3", + "epic_name_id": 333 + } + }, + { + "pk": 2, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "222", + "finding": 5, + "jira_id": "2", + "engagement": null + } + }, + { + "pk": 3, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "333", + "finding": null, + "jira_id": "333", + "engagement": 1 + } + }, + { + "pk": 4, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "666", + "finding": null, + "jira_id": "666", + "engagement": null + } + }, + { + "pk": 1, + "model": "dojo.jira_project", + "fields": { + "push_notes": false, + "product": 1, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": true, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 2, + "model": "dojo.jira_project", + "fields": { + "push_notes": true, + "product": 2, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": false, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 3, + "model": "dojo.jira_project", + "fields": { + "push_notes": true, + "engagement": 3, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": true, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 1, + "model": "dojo.note_type", + "fields": { + "name": "Test Note Type", + "description": "not that much", + "is_single": false, + "is_active": true, + "is_mandatory": false + } + }, + { + "pk": 1, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 1", + "description": "test type" + } + }, + { + "pk": 2, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 2", + "description": "test type" + } + }, + { + "pk": 3, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 3", + "description": "test type" + } + }, + { + "pk": 1, + "model": "dojo.tool_configuration", + "fields": { + "username": "user1", + "password": "user1", + "tool_type": 1, + "name": "Tool Configuration 1", + "url": "http://www.example.com", + "auth_title": "", + "authentication_type": "Password", + "ssh": "", + "api_key": "", + "description": "test configuration" + } + }, + { + "pk": 2, + "model": "dojo.tool_configuration", + "fields": { + "username": "", + "password": "", + "tool_type": 2, + "name": "Tool Configuration 2", + "url": "http://www.example.com", + "auth_title": "test key", + "authentication_type": "API", + "ssh": "", + "api_key": "test string", + "description": "test configuration" + } + }, + { + "pk": 3, + "model": "dojo.tool_configuration", + "fields": { + "username": "", + "password": "", + "tool_type": 3, + "name": "Tool Configuration 3", + "url": "http://www.example.com", + "auth_title": "test ssh", + "authentication_type": "SSH", + "ssh": "test string", + "api_key": "", + "description": "test configuration" + } + }, + { + "pk": 1, + "model": "dojo.sonarqube_issue", + "fields": { + "key": "AREwS5n5TxsDNHm31CxP", + "status": "OPEN", + "type": "VULNERABILITY" + } + }, + { + "pk": 1, + "model": "dojo.sonarqube_issue_transition", + "fields": { + "sonarqube_issue": 1, + "created": "2020-06-23T22:37:10.369Z", + "finding_status": "Active, Verified", + "sonarqube_status": "OPEN", + "transitions": "confirm" + } + }, + { + "pk": 1, + "model": "dojo.product_api_scan_configuration", + "fields": { + "product": 2, + "service_key_1": "dojo_sonar_key", + "tool_configuration": 3 + } + }, + { + "pk": 1, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 1", + "tool_configuration": 1, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "1", + "description": "test product setting" + } + }, + { + "pk": 2, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 2", + "tool_configuration": 2, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "2", + "description": "test product setting" + } + }, + { + "pk": 3, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 3", + "tool_configuration": 3, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "3", + "description": "test product setting" + } + }, + { + "pk": 1, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Python How-to", + "url": "", + "object_id": "1", + "content": "Python How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 1 + } + }, + { + "pk": 2, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security How-to", + "url": "", + "object_id": "2", + "content": "Security How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 2 + } + }, + { + "pk": 3, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security Podcast", + "url": "", + "object_id": "3", + "content": "Security Podcast test product 0 0 0", + "content_type": 21, + "object_id_int": 3 + } + }, + { + "pk": 4, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "3", + "content": "", + "content_type": 31, + "object_id_int": 3 + } + }, + { + "pk": 5, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Jan 01, 2018)", + "url": "", + "object_id": "13", + "content": "", + "content_type": 31, + "object_id_int": 13 + } + }, + { + "pk": 6, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "14", + "content": "", + "content_type": 31, + "object_id_int": 14 + } + }, + { + "pk": 7, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "2", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 2 + } + }, + { + "pk": 8, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "3", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 3 + } + }, + { + "pk": 9, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "4", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 4 + } + }, + { + "pk": 10, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "5", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 5 + } + }, + { + "pk": 11, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "6", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 6 + } + }, + { + "pk": 23, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Python How-to", + "url": "", + "object_id": "1", + "content": "Python How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 1 + } + }, + { + "pk": 24, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security How-to", + "url": "", + "object_id": "2", + "content": "Security How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 2 + } + }, + { + "pk": 25, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security Podcast", + "url": "", + "object_id": "3", + "content": "Security Podcast test product 0 0 0", + "content_type": 21, + "object_id_int": 3 + } + }, + { + "pk": 26, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "3", + "content": "", + "content_type": 31, + "object_id_int": 3 + } + }, + { + "pk": 27, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Jan 01, 2018)", + "url": "", + "object_id": "13", + "content": "", + "content_type": 31, + "object_id_int": 13 + } + }, + { + "pk": 28, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "14", + "content": "", + "content_type": 31, + "object_id_int": 14 + } + }, + { + "pk": 29, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "2", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 2 + } + }, + { + "pk": 30, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "3", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 3 + } + }, + { + "pk": 31, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "4", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 4 + } + }, + { + "pk": 32, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "5", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 5 + } + }, + { + "pk": 33, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "6", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 6 + } + }, + { + "pk": 34, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "DUMMY FINDING", + "url": "", + "object_id": "7", + "content": "DUMMY FINDING http://www.example.com High TEST finding MITIGATION High S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "content_type": 33, + "object_id_int": 7 + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", + "model": "authtoken.token", + "fields": { + "user": 2, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "model": "authtoken.token", + "fields": { + "user": 1, + "created": "2018-04-16T06:54:35.937Z" + } + }, + { + "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", + "model": "authtoken.token", + "fields": { + "user": 3, + "created": "2018-04-16T06:54:35.940Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba34", + "model": "authtoken.token", + "fields": { + "user": 4, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba35", + "model": "authtoken.token", + "fields": { + "user": 5, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba36", + "model": "authtoken.token", + "fields": { + "user": 6, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "1", + "model": "dojo.dojo_group", + "fields": { + "name": "Group 1 Testdata", + "description": "Testdata description" + } + }, + { + "pk": "2", + "model": "dojo.dojo_group", + "fields": { + "name": "Group 2 Testdata", + "description": "Testdata description" + } + }, + { + "pk": 1, + "model": "dojo.product_type_group", + "fields": { + "product_type": 1, + "group": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.dojo_group_member", + "fields": { + "group": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.product_group", + "fields": { + "product": 1, + "group": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.global_role", + "fields": { + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.global_role", + "fields": { + "user": 6, + "role": 4 + } + }, + { + "pk": 3, + "model": "dojo.global_role", + "fields": { + "user": 5, + "role": 5 + } + }, + { + "model": "dojo.language_type", + "pk": 1, + "fields": { + "language": "JSON", + "color": "#882B0F" + } + }, + { + "model": "dojo.language_type", + "pk": 2, + "fields": { + "language": "Python", + "color": "#3572A5" + } + }, + { + "model": "dojo.languages", + "pk": 1, + "fields": { + "language": 1, + "product": 1, + "user": 1, + "files": 2, + "blank": 3, + "comment": 4, + "code": 5, + "created": "2018-04-16T06:54:35.940Z" + } + }, + { + "pk": 1, + "model": "dojo.notifications", + "fields": { + "product": null, + "user": null, + "template": false, + "product_type_added": "webhooks,alert", + "product_added": "webhooks,alert", + "engagement_added": "webhooks,alert", + "test_added": "webhooks,alert", + "scan_added": "webhooks,alert", + "scan_added_empty": "webhooks", + "jira_update": "alert", + "upcoming_engagement": "alert", + "stale_engagement": "alert", + "auto_close_engagement": "alert", + "close_engagement": "alert", + "user_mentioned": "alert", + "code_review": "alert", + "review_requested": "alert", + "other": "alert", + "sla_breach": "alert", + "risk_acceptance_expiration": "alert", + "sla_breach_combined": "alert" + } + }, + { + "model": "auth.permission", + "pk": 217, + "fields": { + "name": "Can add finding_ template", + "content_type": 55, + "codename": "add_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 218, + "fields": { + "name": "Can change finding_ template", + "content_type": 55, + "codename": "change_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 219, + "fields": { + "name": "Can delete finding_ template", + "content_type": 55, + "codename": "delete_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 220, + "fields": { + "name": "Can view finding_ template", + "content_type": 55, + "codename": "view_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 25, + "fields": { + "name": "Can add log entry", + "content_type": 7, + "codename": "add_logentry" + } + }, + { + "model": "auth.permission", + "pk": 26, + "fields": { + "name": "Can change log entry", + "content_type": 7, + "codename": "change_logentry" + } + }, + { + "model": "auth.permission", + "pk": 27, + "fields": { + "name": "Can delete log entry", + "content_type": 7, + "codename": "delete_logentry" + } + }, + { + "model": "auth.permission", + "pk": 28, + "fields": { + "name": "Can view log entry", + "content_type": 7, + "codename": "view_logentry" + } + }, + { + "model": "dojo.cred_user", + "pk": 1, + "fields": { + "name": "Cred Product", + "username": "admin", + "password": "AES.1:2f3cb6d1d412a0552a46b67d972d14f5:6617146b4d29492551dfc62e4a697aca", + "role": "admin", + "authentication": "Form", + "http_authentication": "Basic", + "description": "test", + "url": "https://google.com", + "environment": 1, + "login_regex": null, + "logout_regex": null, + "is_valid": true, + "notes": [] + } + }, + { + "model": "dojo.cred_mapping", + "pk": 1, + "fields": { + "cred_id": 1, + "product": 1, + "finding": null, + "engagement": null, + "test": null, + "is_authn_provider": false, + "url": "https://google.com" + } + }, + { + "model": "dojo.announcement", + "pk": 1, + "fields": { + "message": "test message", + "dismissable": true, + "style": "danger" + } + }, + { + "model": "dojo.notification_webhooks", + "pk": 1, + "fields": { + "name": "My webhook endpoint", + "url": "http://webhook.endpoint:8080/post", + "header_name": "Auth", + "header_value": "Token xxx", + "status": "active", + "first_error": null, + "last_error": null, + "note": null, + "owner": null + } + }, + { + "model": "dojo.notification_webhooks", + "pk": 2, + "fields": { + "name": "My personal webhook endpoint", + "url": "http://webhook.endpoint:8080/post", + "header_name": "Auth", + "header_value": "Token secret", + "status": "active", + "first_error": null, + "last_error": null, + "note": null, + "owner": 6 + } + }, + { + "model": "dojo.test_type", + "pk": 1000, + "fields": { + "name": "SonarQube Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } + }, + { + "model": "dojo.test", + "pk": 90, + "fields": { + "engagement": 5, + "lead": [ + "admin" + ], + "test_type": 1000, + "scan_type": "SonarQube Scan detailed", + "title": null, + "description": null, + "target_start": "2025-10-22T08:29:41.333Z", + "target_end": "2025-10-22T08:29:41.333Z", + "percent_complete": 100, + "environment": 1, + "updated": "2025-10-22T08:29:41.590Z", + "created": "2025-10-22T08:29:41.343Z", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "", + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.finding", + "pk": 232, + "fields": { + "title": "Disabling CSRF Protections Is Security-Sensitive", + "date": "2025-10-22", + "sla_start_date": null, + "sla_expiration_date": "2025-11-21", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "A cross-site request forgery (CSRF) attack occurs when a trusted user of a web application can be forced, by an attacker, to perform sensitive\nactions that he didn’t intend, such as updating his profile or sending a message, more generally anything that can change the state of the\napplication.\nThe attacker can trick the user/victim to click on a link, corresponding to the privileged action, or to visit a malicious web site that embeds a\nhidden web request and as web browsers automatically include cookies, the actions can be authenticated and sensitive.\n**Ask Yourself Whether**\n\n The web application uses cookies to authenticate users. \n There exist sensitive operations in the web application that can be performed when the user is authenticated. \n The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example. \n\nThere is a risk if you answered yes to any of those questions.\n**Recommended Secure Coding Practices**\n\n Protection against CSRF attacks is strongly recommended:\n \n to be activated by default for all unsafe HTTP\n methods. \n implemented, for example, with an unguessable CSRF token \n \n Of course all sensitive operations should not be performed with safe HTTP methods like GET which are designed to be\n used only for information retrieval. \n\n**Sensitive Code Example**\nFor a Django application, the code is sensitive when,\n\n django.middleware.csrf.CsrfViewMiddleware is not used in the Django settings: \n\n\nMIDDLEWARE = [\n 'django.middleware.security.SecurityMiddleware',\n 'django.contrib.sessions.middleware.SessionMiddleware',\n 'django.middleware.common.CommonMiddleware',\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'django.contrib.messages.middleware.MessageMiddleware',\n 'django.middleware.clickjacking.XFrameOptionsMiddleware',\n] # Sensitive: django.middleware.csrf.CsrfViewMiddleware is missing\n\n\n the CSRF protection is disabled on a view: \n\n\n@csrf_exempt # Sensitive\ndef example(request):\n return HttpResponse(\"default\")\n\nFor a Flask application, the code is sensitive when,\n\n the WTF_CSRF_ENABLED setting is set to false: \n\n\napp = Flask(__name__)\napp.config['WTF_CSRF_ENABLED'] = False # Sensitive\n\n\n the application doesn’t use the CSRFProtect module: \n\n\napp = Flask(__name__) # Sensitive: CSRFProtect is missing\n\n@app.route('/')\ndef hello_world():\n return 'Hello, World!'\n\n\n the CSRF protection is disabled on a view: \n\n\napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app)\n\n@app.route('/example/', methods=['POST'])\n@csrf.exempt # Sensitive\ndef example():\n return 'example '\n\n\n the CSRF protection is disabled on a form: \n\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n csrf = False # Sensitive\n\n name = TextField('name')\n submit = SubmitField('submit')\n\n**Compliant Solution**\nFor a Django application,\n\n it is recommended to protect all the views with django.middleware.csrf.CsrfViewMiddleware: \n\n\nMIDDLEWARE = [\n 'django.middleware.security.SecurityMiddleware',\n 'django.contrib.sessions.middleware.SessionMiddleware',\n 'django.middleware.common.CommonMiddleware',\n 'django.middleware.csrf.CsrfViewMiddleware', # Compliant\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'django.contrib.messages.middleware.MessageMiddleware',\n 'django.middleware.clickjacking.XFrameOptionsMiddleware',\n]\n\n\n and to not disable the CSRF protection on specific views: \n\n\ndef example(request): # Compliant\n return HttpResponse(\"default\")\n\nFor a Flask application,\n\n the CSRFProtect module should be used (and not disabled further with WTF_CSRF_ENABLED set to false):\n \n\n\napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app) # Compliant\n\n\n and it is recommended to not disable the CSRF protection on specific views or forms: \n\n\n@app.route('/example/', methods=['POST']) # Compliant\ndef example():\n return 'example '\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n csrf = True # Compliant\n\n name = TextField('name')\n submit = SubmitField('submit')", + "mitigation": "Make sure disabling CSRF protection is safe here.", + "fix_available": null, + "impact": "No impact provided", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "python:S4502\nunsafe HTTP\n methods\nsafe HTTP\nDjango\nDjango settings\nFlask\nDjango\nFlask\nOWASP Top 10 2021 Category A1\nMITRE, CWE-352\nOWASP Top 10 2017 Category A6\nOWASP: Cross-Site Request Forgery\nSANS Top 25", + "test": 90, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-10-22T08:29:41.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2025-10-22T08:29:41.336Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ed09b1b5980bd7b9d67b58ba3a3200b788b567a8b3359b5b66d861112b025b9e", + "line": 8, + "file_path": "vulnerable-flask-app.py", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2025-10-22T08:29:41.361Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": "AYvNd32RyD1npIoQXyT1", + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1000 + ], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.test_import", + "pk": 6829, + "fields": { + "created": "2025-10-22T08:29:41.453Z", + "modified": "2025-10-22T08:29:41.453Z", + "test": 90, + "import_settings": { + "tags": [], + "active": true, + "verified": true, + "push_to_jira": false, + "minimum_severity": "Info", + "close_old_findings": false + }, + "type": "import", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "" + } + }, + { + "model": "dojo.test_import_finding_action", + "pk": 80213, + "fields": { + "created": "2025-10-22T08:29:41.458Z", + "modified": "2025-10-22T08:29:41.458Z", + "test_import": 6829, + "finding": 232, + "action": "N" + } + }, + { + "model": "dojo.test_type", + "pk": 1001, + "fields": { + "name": "HackerOne Cases", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } + }, + { + "model": "dojo.test", + "pk": 91, + "fields": { + "engagement": 5, + "lead": [ + "admin" + ], + "test_type": 1001, + "scan_type": "HackerOne Cases", + "title": null, + "description": null, + "target_start": "2025-10-22T08:52:53.734Z", + "target_end": "2025-10-22T08:52:53.734Z", + "percent_complete": 100, + "environment": 1, + "updated": "2025-10-22T08:52:53.859Z", + "created": "2025-10-22T08:52:53.737Z", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "", + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.finding", + "pk": 233, + "fields": { + "title": "Sensitive Account Balance Information Exposure via Example's DaviPlata Payment Link Integration", + "date": "2025-10-22", + "sla_start_date": null, + "sla_expiration_date": "2026-01-20", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "**ID**: 2501687\n**Weakness Category**: Information Disclosure\n**Substate**: triaged\n**Reporter**: reporter\n**Assigned To**: Group example.co Team\n**Public**: no\n**Awarded On**: 2024-08-28 19:40:24 UTC\n**Bounty Price**: 400.0\n**First Response On**: 2024-05-14 22:14:16 UTC\n**Structured Scope**: 1489537348\n", + "mitigation": null, + "fix_available": null, + "impact": null, + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 91, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-10-22T08:52:53.755Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2025-10-22T08:52:53.735Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684facb6f2fd8faa50a28637d4f7fc1ba9ad3d3a932d39960e99e3c10aec3495", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2025-10-22T08:52:53.755Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1001 + ], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.test_import", + "pk": 6830, + "fields": { + "created": "2025-10-22T08:52:53.797Z", + "modified": "2025-10-22T08:52:53.797Z", + "test": 91, + "import_settings": { + "tags": [], + "active": true, + "verified": true, + "push_to_jira": false, + "minimum_severity": "Info", + "close_old_findings": false + }, + "type": "import", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "" + } + }, + { + "model": "dojo.test_import_finding_action", + "pk": 80214, + "fields": { + "created": "2025-10-22T08:52:53.798Z", + "modified": "2025-10-22T08:52:53.798Z", + "test_import": 6830, + "finding": 233, + "action": "N" + } + } +] \ No newline at end of file diff --git a/dojo/forms.py b/dojo/forms.py index 0e32fcb0b15..f731a32671e 100644 --- a/dojo/forms.py +++ b/dojo/forms.py @@ -38,6 +38,8 @@ from dojo.finding.queries import get_authorized_findings from dojo.group.queries import get_authorized_groups, get_group_member_roles from dojo.labels import get_labels +from dojo.location.models import Location +from dojo.location.utils import validate_locations_to_add from dojo.models import ( EFFORT_FOR_FIXING_CHOICES, SEVERITY_CHOICES, @@ -521,10 +523,10 @@ class Meta: class DojoMetaDataForm(forms.ModelForm): - value = forms.CharField(widget=forms.Textarea(attrs={}), - required=True) - def full_clean(self): + # inject all fk_map values + for field, value in self.fk_map.items(): + setattr(self.instance, field, value) super().full_clean() try: self.instance.validate_unique() @@ -532,11 +534,23 @@ def full_clean(self): msg = "A metadata entry with the same name exists already for this object." self.add_error("name", msg) + def __init__(self, *args, **kwargs): + self.fk_map = kwargs.pop("fk_map", {}) + super().__init__(*args, **kwargs) + class Meta: model = DojoMeta fields = "__all__" +DojoMetaFormSet = modelformset_factory( + DojoMeta, + form=DojoMetaDataForm, + extra=1, + can_delete=True, +) + + class ImportScanForm(forms.Form): active_verified_choices = [("not_specified", "Not specified (default)"), ("force_to_true", "Force to True"), @@ -561,11 +575,11 @@ class ImportScanForm(forms.Form): scan_type = forms.ChoiceField(required=True, choices=get_choices_sorted) environment = forms.ModelChoiceField( queryset=Development_Environment.objects.all().order_by("name")) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects, required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects, required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", - help_text="The IP address, host name or full URL. You may enter one endpoint per line. " - "Each must be valid.", - widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) + help_text="The IP address, host name or full URL. You may enter one endpoint per line. " + "Each must be valid.", + widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) version = forms.CharField(max_length=100, required=False, help_text="Version that was scanned.") branch_tag = forms.CharField(max_length=100, required=False, help_text="Branch or Tag that was scanned.") commit_hash = forms.CharField(max_length=100, required=False, help_text="Commit that was scanned.") @@ -627,6 +641,9 @@ def __init__(self, *args, **kwargs): self.fields["environment"].initial = environment if endpoints: self.fields["endpoints"].queryset = endpoints + elif not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects if api_scan_configuration: self.fields["api_scan_configuration"].queryset = api_scan_configuration # couldn't find a cleaner way to add empty default @@ -654,7 +671,12 @@ def clean(self): msg = f"API scan configuration must be of tool type {tool_type}" raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -696,7 +718,7 @@ class ReImportScanForm(forms.Form): help_do_not_reactivate = "Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs." do_not_reactivate = forms.BooleanField(help_text=help_do_not_reactivate, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects, required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects, required=False, label="Systems / Endpoints") tags = TagField(required=False, help_text="Modify existing tags that help describe this scan. " "Choose from the list or add new tags. Press Enter key to add.") file = forms.FileField( @@ -745,6 +767,9 @@ def __init__(self, *args, test=None, **kwargs): self.fields["tags"].initial = test.tags.all() if endpoints: self.fields["endpoints"].queryset = endpoints + elif not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects if api_scan_configuration: self.initial["api_scan_configuration"] = api_scan_configuration if api_scan_configuration_queryset: @@ -1216,7 +1241,7 @@ class AddFindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1245,8 +1270,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() if req_resp: self.fields["request"].initial = req_resp[0] @@ -1269,7 +1299,12 @@ def clean(self): msg = "Active findings cannot be risk accepted." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -1313,11 +1348,12 @@ class AdHocFindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(queryset=Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(queryset=Location.objects.all(), required=False, + label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", - help_text="The IP address, host name or full URL. You may enter one endpoint per line. " - "Each must be valid.", - widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) + help_text="The IP address, host name or full URL. You may enter one endpoint per line. " + "Each must be valid.", + widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) references = forms.CharField(widget=forms.Textarea, required=False) publish_date = forms.DateField(widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}), required=False) planned_remediation_date = forms.DateField(widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}), required=False) @@ -1342,8 +1378,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() if req_resp: self.fields["request"].initial = req_resp[0] @@ -1363,10 +1404,16 @@ def clean(self): msg = "False positive findings cannot be verified." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + + self.endpoints_to_add_list = endpoints_to_add_list + if errors: raise forms.ValidationError(errors) - self.endpoints_to_add_list = endpoints_to_add_list return cleaned_data @@ -1406,7 +1453,7 @@ class PromoteFindingForm(forms.ModelForm): "invalid_choice": "Select valid choice: Critical,High,Medium,Low"}) mitigation = forms.CharField(widget=forms.Textarea, required=False) impact = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1426,8 +1473,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() self.endpoints_to_add_list = [] @@ -1437,7 +1489,12 @@ def __init__(self, *args, **kwargs): def clean(self): cleaned_data = super().clean() - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -1483,7 +1540,7 @@ class FindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(queryset=Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(queryset=Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1518,7 +1575,14 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.fields["endpoints"].queryset = Endpoint.objects.filter(product=self.instance.test.engagement.product) + if settings.V3_FEATURE_LOCATIONS: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=self.instance.test.engagement.product) + if self.instance and self.instance.pk: + self.fields["endpoints"].initial = Location.objects.filter(findings__finding=self.instance) + else: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects.filter(product=self.instance.test.engagement.product) + self.fields["mitigated_by"].queryset = get_authorized_users(Permissions.Finding_Edit) # do not show checkbox if finding is not accepted and simple risk acceptance is disabled @@ -1576,10 +1640,16 @@ def clean(self): msg = "Active findings cannot be risk accepted." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + + self.endpoints_to_add_list = endpoints_to_add_list + if errors: raise forms.ValidationError(errors) - self.endpoints_to_add_list = endpoints_to_add_list return cleaned_data @@ -1601,7 +1671,8 @@ def _post_clean(self): class Meta: model = Finding exclude = ("reporter", "url", "numerical_severity", "under_review", "reviewers", "cve", "inherited_tags", - "review_requested_by", "is_mitigated", "jira_creation", "jira_change", "sonarqube_issue", "endpoint_status") + "review_requested_by", "is_mitigated", "jira_creation", "jira_change", "sonarqube_issue", + "endpoints", "endpoint_status") class StubFindingForm(forms.ModelForm): @@ -1946,7 +2017,7 @@ def __init__(self, *args, **kwargs): product = kwargs.pop("product") super().__init__(*args, **kwargs) self.fields["product"] = forms.ModelChoiceField( - queryset=get_authorized_products(Permissions.Endpoint_Add), + queryset=get_authorized_products(Permissions.Location_Add), label=labels.ASSET_LABEL, help_text=labels.ASSET_ENDPOINT_HELP) if product is not None: diff --git a/dojo/importers/base_importer.py b/dojo/importers/base_importer.py index 9da381be678..3e00a216cbd 100644 --- a/dojo/importers/base_importer.py +++ b/dojo/importers/base_importer.py @@ -16,7 +16,9 @@ import dojo.risk_acceptance.helper as ra_helper from dojo import utils from dojo.importers.endpoint_manager import EndpointManager +from dojo.importers.location_manager import LocationManager from dojo.importers.options import ImporterOptions +from dojo.location.models import AbstractLocation, Location from dojo.models import ( # Import History States IMPORT_CLOSED_FINDING, @@ -80,7 +82,11 @@ def __init__( and will raise a `NotImplemented` exception """ ImporterOptions.__init__(self, *args, **kwargs) - self.endpoint_manager = EndpointManager() + if settings.V3_FEATURE_LOCATIONS: + self.location_manager = LocationManager() + else: + # TODO: Delete this after the move to Locations + self.endpoint_manager = EndpointManager() def check_child_implementation_exception(self): """ @@ -115,7 +121,7 @@ def process_findings( """ Make the conversion from unsaved Findings in memory to Findings that are saved in the database with and ID associated with them. This processor will also save any associated - objects such as endpoints, vulnerability IDs, and request/response pairs + objects such as locations, vulnerability IDs, and request/response pairs """ self.check_child_implementation_exception() @@ -411,8 +417,24 @@ def apply_import_tags( for tag in self.tags: self.add_tags_safe(finding, tag) + if settings.V3_FEATURE_LOCATIONS: + # Add any tags to any locations of the findings imported if necessary + if self.apply_tags_to_endpoints and self.tags: + # Collect all endpoints linked to the affected findings + locations_qs = Location.objects.filter(findings__finding__in=findings_to_tag).distinct() + try: + bulk_add_tags_to_instances( + tag_or_tags=self.tags, + instances=locations_qs, + tag_field_name="tags", + ) + except IntegrityError: + for finding in findings_to_tag: + for location in finding.locations.all(): + for tag in self.tags: + self.add_tags_safe(location.location, tag) # Add any tags to any endpoints of the findings imported if necessary - if self.apply_tags_to_endpoints and self.tags: + elif self.apply_tags_to_endpoints and self.tags: endpoints_qs = Endpoint.objects.filter(finding__in=findings_to_tag).distinct() try: bulk_add_tags_to_instances( @@ -463,8 +485,13 @@ def update_import_history( import_settings["close_old_findings"] = self.close_old_findings_toggle import_settings["push_to_jira"] = self.push_to_jira import_settings["tags"] = self.tags + if settings.V3_FEATURE_LOCATIONS: + # Add the list of locations that were added exclusively at import time + if len(self.endpoints_to_add) > 0: + import_settings["locations"] = [str(location) for location in self.endpoints_to_add] + # TODO: Delete this after the move to Locations # Add the list of endpoints that were added exclusively at import time - if len(self.endpoints_to_add) > 0: + elif len(self.endpoints_to_add) > 0: import_settings["endpoints"] = [str(endpoint) for endpoint in self.endpoints_to_add] # Create the test import object test_import = Test_Import.objects.create( @@ -539,19 +566,25 @@ def create_import_history_record_safe( def add_tags_safe( self, - finding_or_endpoint, + finding_or_location: Finding | Location | Endpoint, tag, ): - """Adds tags to a finding or endpoint, while catching any IntegrityErrors that might happen because of the background job having deleted a finding""" - if not isinstance(finding_or_endpoint, Finding) and not isinstance(finding_or_endpoint, Endpoint): - msg = "finding_or_endpoint must be a Finding or Endpoint object" + """Adds tags to a finding, location, or endpoint, while catching any IntegrityErrors that might happen because of the background job having deleted a finding""" + if isinstance(finding_or_location, Finding): + msg = "finding" + elif isinstance(finding_or_location, Location): + msg = "location" + # TODO: Delete this after the move to Locations + elif isinstance(finding_or_location, Endpoint): + msg = "endpoint" + else: + msg = f"finding_or_location must be a Finding, Location or Endpoint object not {type(finding_or_location)}" raise TypeError(msg) - msg = "finding" if isinstance(finding_or_endpoint, Finding) else "endpoint" if isinstance(finding_or_endpoint, Endpoint) else "unknown" - logger.debug(f" adding tag: {tag} to " + msg + f"{finding_or_endpoint.id}") + logger.debug(f"adding tag: {tag} to " + msg + f"{finding_or_location.id}") try: - finding_or_endpoint.tags.add(tag) + finding_or_location.tags.add(tag) except IntegrityError as e: # This try catch makes us look we don't know what we're doing, but in https://github.com/DefectDojo/django-DefectDojo/issues/6217 we decided that for now this is the best solution logger.warning("Error adding tag: %s", e) @@ -605,8 +638,8 @@ def update_test_progress( ): """ This function is added to the async queue at the end of all finding import tasks - and after endpoint task, so this should only run after all the other ones are done. - It's purpose is to update the percent completion of the test to 100 percent + and after location task, so this should only run after all the other ones are done. + Its purpose is to update the percent completion of the test to 100 percent """ self.test.percent_complete = percentage_value self.test.save() @@ -819,6 +852,26 @@ def process_request_response_pairs( burp_rr.clean() burp_rr.save() + def process_locations( + self, + finding: Finding, + locations_to_add: list[AbstractLocation], + ) -> None: + """ + Process any locations to add to the finding. Locations could come from two places + - Directly from the report + - Supplied by the user from the import form + These locations will be processed in to Location objects and associated with the + finding and product + """ + # Save the unsaved locations + self.location_manager.chunk_locations_and_disperse(finding, finding.unsaved_locations) + # Check for any that were added in the form + if len(locations_to_add) > 0: + logger.debug("locations_to_add: %s", locations_to_add) + self.location_manager.chunk_locations_and_disperse(finding, locations_to_add) + + # TODO: Delete this after the move to Locations def process_endpoints( self, finding: Finding, @@ -831,6 +884,10 @@ def process_endpoints( These endpoints will be processed in to endpoints objects and associated with the finding and and product """ + if settings.V3_FEATURE_LOCATIONS: + msg = "BaseImporter#process_endpoints() method is deprecated when V3_FEATURE_LOCATIONS is enabled" + raise NotImplementedError(msg) + # Save the unsaved endpoints self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding.unsaved_endpoints) # Check for any that were added in the form @@ -912,7 +969,7 @@ def mitigate_finding( product_grading_option: bool = True, ) -> None: """ - Mitigates a finding, all endpoint statuses, leaves a note on the finding + Mitigates a finding, all location statuses, leaves a note on the finding with a record of what happened, and then saves the finding. Changes to this finding will also be synced with some ticket tracking system as well as groups @@ -929,8 +986,13 @@ def mitigate_finding( # Remove risk acceptance if present (vulnerability is now fixed) # risk_unaccept will check if finding.risk_accepted is True before proceeding ra_helper.risk_unaccept(self.user, finding, perform_save=False, post_comments=False) - # Mitigate the endpoint statuses - self.endpoint_manager.mitigate_endpoint_status(finding.status_finding.all(), self.user, kwuser=self.user, sync=True) + if settings.V3_FEATURE_LOCATIONS: + # Mitigate the location statuses + self.location_manager.mitigate_location_status(finding.locations.all(), self.user, kwuser=self.user, sync=True) + else: + # TODO: Delete this after the move to Locations + # Mitigate the endpoint statuses + self.endpoint_manager.mitigate_endpoint_status(finding.status_finding.all(), self.user, kwuser=self.user, sync=True) # to avoid pushing a finding group multiple times, we push those outside of the loop if finding_groups_enabled and finding.finding_group: # don't try to dedupe findings that we are closing diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py index 9dfa577099d..6fc2beff074 100644 --- a/dojo/importers/default_importer.py +++ b/dojo/importers/default_importer.py @@ -128,7 +128,7 @@ def process_scan( new_findings=new_findings, closed_findings=closed_findings, ) - # Apply tags to findings and endpoints + # Apply tags to findings and endpoints/locations self.apply_import_tags( new_findings=new_findings, closed_findings=closed_findings, @@ -168,7 +168,7 @@ def process_findings( """ Saves findings in memory that were parsed from the scan report into the database. - This process involves first saving associated objects such as endpoints, files, + This process involves first saving associated objects such as locations, files, vulnerability IDs, and request response pairs. Once all that has been completed, the finding may be appended to a new or existing group based upon user selection at import time @@ -220,10 +220,10 @@ def process_findings( unsaved_finding.unsaved_tags = merged_tags unsaved_finding.tags = None finding = self.process_cve(unsaved_finding) - # Calculate hash_code before saving based on unsaved_endpoints and unsaved_vulnerability_ids + # Calculate hash_code before saving based on unsaved_endpoints/unsaved_locations and unsaved_vulnerability_ids finding.set_hash_code(True) - # postprocessing will be done after processing related fields like endpoints, vulnerability ids, etc. + # postprocessing will be done after processing related fields like locations, vulnerability ids, etc. unsaved_finding.save_no_options() # Determine how the finding should be grouped @@ -233,8 +233,13 @@ def process_findings( ) # Process any request/response pairs self.process_request_response_pairs(finding) - # Process any endpoints on the endpoint, or added on the form - self.process_endpoints(finding, self.endpoints_to_add) + if settings.V3_FEATURE_LOCATIONS: + # Process any locations on the finding, or added on the form + self.process_locations(finding, self.endpoints_to_add) + else: + # TODO: Delete this after the move to Locations + # Process any endpoints on the finding, or added on the form + self.process_endpoints(finding, self.endpoints_to_add) # Parsers must use unsaved_tags to store tags, so we can clean them cleaned_tags = clean_tags(finding.unsaved_tags) if isinstance(cleaned_tags, list): @@ -305,7 +310,7 @@ def close_old_findings( """ Closes old findings based on a hash code match at either the product or the engagement scope. Closing an old finding entails setting the - finding to mitigated status, setting all endpoint statuses to mitigated, + finding to mitigated status, setting all location statuses to mitigated, as well as leaving a not on the finding indicating that it was mitigated because the vulnerability is no longer present in the submitted scan report. """ @@ -362,7 +367,7 @@ def close_old_findings( old_findings = old_findings.filter(service=self.service) else: old_findings = old_findings.filter(Q(service__isnull=True) | Q(service__exact="")) - # Update the status of the findings and any endpoints + # Update the status of the findings and any locations for old_finding in old_findings: url = str(get_full_url(reverse("view_test", args=(self.test.id,)))) test_title = str(self.test.title) diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index d80b0de8b55..863a2cf0212 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -15,6 +15,7 @@ ) from dojo.importers.base_importer import BaseImporter, Parser from dojo.importers.options import ImporterOptions +from dojo.location.status import FindingLocationStatus from dojo.models import ( Development_Environment, Finding, @@ -259,7 +260,7 @@ def process_findings( ) -> tuple[list[Finding], list[Finding], list[Finding], list[Finding]]: """ Saves findings in memory that were parsed from the scan report into the database. - This process involves first saving associated objects such as endpoints, files, + This process involves first saving associated objects such as endpoints/locations, files, vulnerability IDs, and request response pairs. Once all that has been completed, the finding may be appended to a new or existing group based upon user selection at import time @@ -328,8 +329,13 @@ def process_findings( # Set the service supplied at import time if self.service is not None: unsaved_finding.service = self.service - # Clean any endpoints that are on the finding - self.endpoint_manager.clean_unsaved_endpoints(unsaved_finding.unsaved_endpoints) + if settings.V3_FEATURE_LOCATIONS: + # Clean any locations that are on the finding + self.location_manager.clean_unsaved_locations(unsaved_finding.unsaved_locations) + else: + # TODO: Delete this after the move to Locations + # Clean any endpoints that are on the finding + self.endpoint_manager.clean_unsaved_endpoints(unsaved_finding.unsaved_endpoints) # Calculate the hash code to be used to identify duplicates unsaved_finding.hash_code = self.calculate_unsaved_finding_hash_code(unsaved_finding) deduplicationLogger.debug(f"unsaved finding's hash_code: {unsaved_finding.hash_code}") @@ -365,15 +371,27 @@ def process_findings( continue # Update endpoints on the existing finding with those on the new finding if finding.dynamic_finding: - logger.debug( - "Re-import found an existing dynamic finding for this new " - "finding. Checking the status of endpoints", - ) - self.endpoint_manager.update_endpoint_status( - existing_finding, - unsaved_finding, - self.user, - ) + if settings.V3_FEATURE_LOCATIONS: + logger.debug( + "Re-import found an existing dynamic finding for this new " + "finding. Checking the status of locations", + ) + self.location_manager.update_location_status( + existing_finding, + unsaved_finding, + self.user, + ) + else: + # TODO: Delete this after the move to Locations + logger.debug( + "Re-import found an existing dynamic finding for this new " + "finding. Checking the status of endpoints", + ) + self.endpoint_manager.update_endpoint_status( + existing_finding, + unsaved_finding, + self.user, + ) else: finding, finding_will_be_grouped = self.process_finding_that_was_not_matched(unsaved_finding) @@ -634,7 +652,8 @@ def process_matched_special_status_finding( # If the finding is risk accepted and inactive in Defectdojo we do not sync the status from the scanner # We also need to add the finding to 'unchanged_items' as otherwise it will get mitigated by the reimporter # (Risk accepted findings are not set to mitigated by Defectdojo) - # We however do not exit the loop as we do want to update the endpoints (in case some endpoints were fixed) + # We however do not exit the loop as we do want to update the endpoints/locations (in case some + # endpoints/locations were fixed) if existing_finding.risk_accepted and not existing_finding.active: self.unchanged_items.append(existing_finding) return existing_finding, False @@ -729,17 +748,24 @@ def process_matched_mitigated_finding( if existing_finding.get_sla_configuration().restart_sla_on_reactivation: # restart the sla start date to the current date, finding.save() will set new sla_expiration_date existing_finding.sla_start_date = self.now - # don't dedupe before endpoints are added, postprocessing will be done on next save (in calling method) + # don't dedupe before endpoints/locations are added, postprocessing will be done on next save (in calling method) existing_finding.save_no_options() note = Notes(entry=f"Re-activated by {self.scan_type} re-upload.", author=self.user) note.save() - endpoint_statuses = existing_finding.status_finding.exclude( - Q(false_positive=True) - | Q(out_of_scope=True) - | Q(risk_accepted=True), - ) - self.endpoint_manager.chunk_endpoints_and_reactivate(endpoint_statuses) + if settings.V3_FEATURE_LOCATIONS: + # Reactivate mitigated locations + mitigated_locations = existing_finding.locations.filter(status=FindingLocationStatus.Mitigated) + self.location_manager.chunk_locations_and_reactivate(mitigated_locations) + else: + # TODO: Delete this after the move to Locations + # Reactivate mitigated endpoints that are not false positives, out of scope, or risk accepted + endpoint_statuses = existing_finding.status_finding.exclude( + Q(false_positive=True) + | Q(out_of_scope=True) + | Q(risk_accepted=True), + ) + self.endpoint_manager.chunk_endpoints_and_reactivate(endpoint_statuses) existing_finding.notes.add(note) self.reactivated_items.append(existing_finding) # The new finding is active while the existing on is mitigated. The existing finding needs to @@ -835,7 +861,7 @@ def process_finding_that_was_not_matched( unsaved_finding.date = self.scan_date.date() unsaved_finding = self.process_cve(unsaved_finding) # Hash code is already calculated earlier as it's the primary matching criteria for reimport - # Save it. Don't dedupe before endpoints are added. + # Save it. Don't dedupe before endpoints/locations are added. unsaved_finding.save_no_options() finding = unsaved_finding # Force parsers to use unsaved_tags (stored in finding_post_processing function below) @@ -900,9 +926,15 @@ def finding_post_processing( Save all associated objects to the finding after it has been saved for the purpose of foreign key restrictions """ - self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding_from_report.unsaved_endpoints) - if len(self.endpoints_to_add) > 0: - self.endpoint_manager.chunk_endpoints_and_disperse(finding, self.endpoints_to_add) + if settings.V3_FEATURE_LOCATIONS: + self.location_manager.chunk_locations_and_disperse(finding, finding_from_report.unsaved_locations) + if len(self.endpoints_to_add) > 0: + self.location_manager.chunk_locations_and_disperse(finding, self.endpoints_to_add) + else: + # TODO: Delete this after the move to Locations + self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding_from_report.unsaved_endpoints) + if len(self.endpoints_to_add) > 0: + self.endpoint_manager.chunk_endpoints_and_disperse(finding, self.endpoints_to_add) # Parsers shouldn't use the tags field, and use unsaved_tags instead. # Merge any tags set by parser into unsaved_tags tags_from_parser = finding_from_report.tags if isinstance(finding_from_report.tags, list) else [] diff --git a/dojo/importers/endpoint_manager.py b/dojo/importers/endpoint_manager.py index f4b277d49fa..8817ff71bdb 100644 --- a/dojo/importers/endpoint_manager.py +++ b/dojo/importers/endpoint_manager.py @@ -17,6 +17,7 @@ logger = logging.getLogger(__name__) +# TODO: Delete this after the move to Locations class EndpointManager: @dojo_async_task @app.task() diff --git a/dojo/importers/location_manager.py b/dojo/importers/location_manager.py new file mode 100644 index 00000000000..c3a12fb5391 --- /dev/null +++ b/dojo/importers/location_manager.py @@ -0,0 +1,150 @@ +import logging +from typing import TypeVar + +from django.core.exceptions import ValidationError +from django.db.models import QuerySet +from django.utils import timezone + +from dojo.celery import app +from dojo.decorators import dojo_async_task +from dojo.location.models import AbstractLocation, LocationFindingReference +from dojo.location.status import FindingLocationStatus +from dojo.models import ( + Dojo_User, + Endpoint, + Finding, +) +from dojo.url.models import URL + +logger = logging.getLogger(__name__) + + +EndpointOrURL = TypeVar("EndpointOrURL", Endpoint, URL) + + +# test_notifications.py: Implement Locations +class LocationManager: + def get_or_create_location(self, unsaved_location: AbstractLocation) -> AbstractLocation | None: + if isinstance(unsaved_location, URL): + return URL.get_or_create_from_object(unsaved_location) + logger.debug(f"IMPORT_SCAN: Unsupported location type: {type(unsaved_location)}") + return None + + @dojo_async_task + @app.task() + def add_locations_to_unsaved_finding( + self, + finding: Finding, + locations: list[AbstractLocation], + **kwargs: dict, + ) -> None: + """Creates Endpoint objects for a single finding and creates the link via the endpoint status""" + locations = list(set(locations)) + + logger.debug(f"IMPORT_SCAN: Adding {len(locations)} locations to finding: {finding}") + self.clean_unsaved_locations(locations) + + # LOCATION LOCATION LOCATION + # TODO: bulk create the finding/product refs... + locations_saved = 0 + for unsaved_location in locations: + if saved_location := self.get_or_create_location(unsaved_location): + locations_saved += 1 + saved_location.location.associate_with_finding(finding, status=FindingLocationStatus.Active) + + logger.debug(f"IMPORT_SCAN: {locations_saved} locations imported") + + @dojo_async_task + @app.task() + def mitigate_location_status( + self, + location_refs: QuerySet[LocationFindingReference], + user: Dojo_User, + **kwargs: dict, + ) -> None: + """Mitigate all given (non-mitigated) location refs""" + location_refs.exclude(status=FindingLocationStatus.Mitigated).update( + auditor=user, + audit_time=timezone.now(), + status=FindingLocationStatus.Mitigated, + ) + + @dojo_async_task + @app.task() + def reactivate_location_status( + self, + location_refs: QuerySet[LocationFindingReference], + **kwargs: dict, + ) -> None: + """Reactivate all given (mitigated) locations refs""" + location_refs.filter(status=FindingLocationStatus.Mitigated).update( + auditor=None, + audit_time=timezone.now(), + status=FindingLocationStatus.Active, + ) + + def chunk_locations_and_disperse( + self, + finding: Finding, + locations: list[AbstractLocation], + **kwargs: dict, + ) -> None: + self.add_locations_to_unsaved_finding(finding, locations, sync=True) + + def clean_unsaved_locations( + self, + locations: list[AbstractLocation], + ) -> None: + """ + Clean endpoints that are supplied. For any endpoints that fail this validation + process, raise a message that broken endpoints are being stored + """ + for location in locations: + try: + location.clean() + except ValidationError as e: + logger.warning("DefectDojo is storing broken locations because cleaning wasn't successful: %s", e) + + def chunk_locations_and_reactivate( + self, + location_refs: QuerySet[LocationFindingReference], + **kwargs: dict, + ) -> None: + self.reactivate_location_status(location_refs, sync=True) + + def chunk_locations_and_mitigate( + self, + location_refs: QuerySet[LocationFindingReference], + user: Dojo_User, + **kwargs: dict, + ) -> None: + self.mitigate_location_status(location_refs, user, sync=True) + + def update_location_status( + self, + existing_finding: Finding, + new_finding: Finding, + user: Dojo_User, + **kwargs: dict, + ) -> None: + """Update the list of locations from the new finding with the list that is in the old finding""" + # New endpoints are already added in serializers.py / views.py (see comment "# for existing findings: make sure endpoints are present or created") + # So we only need to mitigate endpoints that are no longer present + # using `.all()` will mark as mitigated also `endpoint_status` with flags `false_positive`, `out_of_scope` and `risk_accepted`. This is a known issue. This is not a bug. This is a future. + + if new_finding.is_mitigated: + # New finding is mitigated, so mitigate all existing location refs + self.chunk_locations_and_mitigate(existing_finding.locations.all(), user) + else: + # New finding not mitigated; so, reactivate all refs + existing_location_refs: QuerySet[LocationFindingReference] = existing_finding.locations.all() + + new_locations_values = [str(location) for location in new_finding.unsaved_locations] + + # Reactivate endpoints in the old finding that are in the new finding + location_refs_to_reactivate = existing_location_refs.filter(location__location_value__in=new_locations_values) + # Mitigate endpoints in the existing finding not in the new finding + location_refs_to_mitigate = existing_location_refs.exclude(location__location_value__in=new_locations_values) + + self.chunk_locations_and_reactivate(location_refs_to_reactivate) + self.chunk_locations_and_mitigate(location_refs_to_mitigate, user) diff --git a/dojo/importers/options.py b/dojo/importers/options.py index 3b7c624235d..f7a8e722733 100644 --- a/dojo/importers/options.py +++ b/dojo/importers/options.py @@ -3,7 +3,7 @@ from datetime import datetime from functools import wraps from pprint import pformat as pp -from typing import Any +from typing import TYPE_CHECKING, Any from django.contrib.auth.models import User from django.db.models import Model @@ -22,6 +22,10 @@ ) from dojo.utils import get_current_user, is_finding_groups_enabled +if TYPE_CHECKING: + from dojo.location.models import AbstractLocation + + logger = logging.getLogger(__name__) @@ -58,7 +62,7 @@ def load_base_options( self.do_not_reactivate: bool = self.validate_do_not_reactivate(*args, **kwargs) self.commit_hash: str = self.validate_commit_hash(*args, **kwargs) self.create_finding_groups_for_all_findings: bool = self.validate_create_finding_groups_for_all_findings(*args, **kwargs) - self.endpoints_to_add: list[Endpoint] | None = self.validate_endpoints_to_add(*args, **kwargs) + self.endpoints_to_add: list[Endpoint] | list[AbstractLocation] | None = self.validate_endpoints_to_add(*args, **kwargs) self.engagement: Engagement | None = self.validate_engagement(*args, **kwargs) self.environment: Development_Environment | None = self.validate_environment(*args, **kwargs) self.group_by: str = self.validate_group_by(*args, **kwargs) diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 34c530975dc..f3feade09e8 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -740,7 +740,10 @@ def jira_priority(obj): def jira_environment(obj): if isinstance(obj, Finding): - return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()]) + if not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()]) + return "\n".join([str(location_ref.location) for location_ref in obj.locations.all()]) if isinstance(obj, Finding_Group): envs = [ jira_environment(finding) @@ -1917,7 +1920,12 @@ def process_resolution_from_jira(finding, resolution_id, resolution_name, assign finding.mitigated = jira_now finding.is_mitigated = True finding.mitigated_by, _created = User.objects.get_or_create(username="JIRA") - finding.endpoints.clear() + if settings.V3_FEATURE_LOCATIONS: + for location_ref in finding.locations.all(): + location_ref.location.disassociate_from_finding(finding) + else: + # TODO: Delete this after the move to Locations + finding.endpoints.clear() finding.false_p = False ra_helper.risk_unaccept(User.objects.get_or_create(username="JIRA")[0], finding) status_changed = True diff --git a/dojo/location/__init__.py b/dojo/location/__init__.py new file mode 100644 index 00000000000..9bd2bd300d2 --- /dev/null +++ b/dojo/location/__init__.py @@ -0,0 +1 @@ +import dojo.location.admin # noqa: F401 diff --git a/dojo/location/admin.py b/dojo/location/admin.py new file mode 100644 index 00000000000..7a08c95f5f8 --- /dev/null +++ b/dojo/location/admin.py @@ -0,0 +1,21 @@ +from django.contrib import admin + +from dojo.location.models import Location, LocationFindingReference, LocationProductReference + + +@admin.register(Location) +class LocationAdmin(admin.ModelAdmin): + + """Admin support for the Location model.""" + + +@admin.register(LocationFindingReference) +class LocationFindingReferenceAdmin(admin.ModelAdmin): + + """Admin support for the LocationFindingReference model.""" + + +@admin.register(LocationProductReference) +class LocationProductReferenceAdmin(admin.ModelAdmin): + + """Admin support for the LocationProductReference model.""" diff --git a/dojo/location/api/__init__.py b/dojo/location/api/__init__.py new file mode 100644 index 00000000000..2ff01484d5b --- /dev/null +++ b/dojo/location/api/__init__.py @@ -0,0 +1,3 @@ +path = "location" # noqa: RUF067 +finding_path = "location_findings" # noqa: RUF067 +product_path = "location_products" # noqa: RUF067 diff --git a/dojo/location/api/endpoint_compat.py b/dojo/location/api/endpoint_compat.py new file mode 100644 index 00000000000..1f75a3bfcf5 --- /dev/null +++ b/dojo/location/api/endpoint_compat.py @@ -0,0 +1,300 @@ +""" +Compatibility viewsets and serializers for Endpoint API using new Location models. + +These viewsets maintain API compatibility with the legacy Endpoint and Endpoint_Status +models while using the new URL and LocationFindingReference models underneath. +""" +import datetime + +from django_filters import BooleanFilter, CharFilter, NumberFilter +from django_filters.rest_framework import DjangoFilterBackend, FilterSet +from drf_spectacular.utils import extend_schema +from rest_framework import permissions, status, viewsets +from rest_framework.decorators import action +from rest_framework.fields import ( + CharField, + DateTimeField, + IntegerField, + SerializerMethodField, +) +from rest_framework.permissions import BasePermission, IsAuthenticated +from rest_framework.response import Response +from rest_framework.serializers import ModelSerializer +from rest_framework.viewsets import ReadOnlyModelViewSet + +from dojo.api_v2 import serializers +from dojo.api_v2.permissions import check_object_permission +from dojo.api_v2.prefetch import PrefetchListMixin, PrefetchRetrieveMixin +from dojo.api_v2.serializers import TagListSerializerField +from dojo.api_v2.views import report_generate +from dojo.authorization.roles_permissions import Permissions +from dojo.filters import CharFieldFilterANDExpression, CharFieldInFilter, OrderingFilter +from dojo.location.models import LocationFindingReference, LocationProductReference +from dojo.location.queries import get_authorized_location_finding_reference, get_authorized_location_product_reference +from dojo.location.status import FindingLocationStatus +from dojo.url.models import URL + +########## +# Common +########## + + +class V2WritesDisabled(BasePermission): + + """Disallows non-safe HTTP methods.""" + + message = "Writes to this endpoint are deprecated when V3_FEATURE_LOCATIONS is enabled" + + def has_permission(self, request, view): + return request.method in permissions.SAFE_METHODS + + def has_object_permission(self, request, view, obj): + return request.method in permissions.SAFE_METHODS + + +class UserHasLocationRefPermission(BasePermission): + + """Permission class for Location(Product|Finding)Reference model access.""" + + def has_object_permission(self, request, view, obj): + # obj is a URL instance, check permission on its location + return check_object_permission( + request, + obj, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, + ) + + +########## +# Endpoint compatibility +########## + +class V3EndpointCompatibleFilterSet(FilterSet): + + """Endpoint-compatible FilterSet.""" + + id = NumberFilter(field_name="id", lookup_expr="exact") + + protocol = CharFilter(field_name="location__url__protocol", lookup_expr="icontains") + userinfo = CharFilter(field_name="location__url__user_info", lookup_expr="icontains") + host = CharFilter(field_name="location__url__host", lookup_expr="icontains") + port = NumberFilter(field_name="location__url__port", lookup_expr="exact") + path = CharFilter(field_name="location__url__path", lookup_expr="icontains") + query = CharFilter(field_name="location__url__query", lookup_expr="icontains") + fragment = CharFilter(field_name="location__url__fragment", lookup_expr="icontains") + + product = NumberFilter(field_name="product__id", lookup_expr="exact") + + location_id = NumberFilter(field_name="location__id", lookup_expr="exact") + + tag = CharFilter(field_name="location__tags__name", lookup_expr="icontains", help_text="Tag name contains") + tags = CharFieldInFilter(field_name="location__tags__name", lookup_expr="in", help_text="Comma separated list of exact tags (uses OR for multiple values)") + tags__and = CharFieldFilterANDExpression(field_name="location__tags__name", help_text="Comma separated list of exact tags to match with an AND expression") + not_tag = CharFilter(field_name="location__tags__name", lookup_expr="icontains", help_text="Not Tag name contains", exclude=True) + not_tags = CharFieldInFilter(field_name="location__tags__name", lookup_expr="in", help_text="Comma separated list of exact tags not present on model", exclude=True) + has_tags = BooleanFilter(field_name="location__tags", lookup_expr="isnull", exclude=True, label="Has tags") + + o = OrderingFilter( + fields=( + ("location__url__host", "host"), + ("product__id", "product"), + ("id", "id"), + ), + ) + + +class V3EndpointCompatibleSerializer(ModelSerializer): + + """Serializes a LocationProductReference model to something that looks like an Endpoint.""" + + protocol = CharField(source="location.url.protocol") + userinfo = CharField(source="location.url.user_info") + host = CharField(source="location.url.host") + port = IntegerField(source="location.url.port") + path = CharField(source="location.url.path") + query = CharField(source="location.url.query") + fragment = CharField(source="location.url.fragment") + tags = TagListSerializerField(source="location.tags") + location_id = IntegerField(source="location.id") + + class Meta: + model = LocationProductReference + exclude = ("location",) + + +class V3EndpointCompatibleViewSet(PrefetchListMixin, PrefetchRetrieveMixin, viewsets.ReadOnlyModelViewSet): + + """Read-only ViewSet for LocationProductReferences that behaves similar to EndpointViewSet for reads.""" + + serializer_class = V3EndpointCompatibleSerializer + queryset = LocationProductReference.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = V3EndpointCompatibleFilterSet + + permission_classes = ( + IsAuthenticated, + V2WritesDisabled, + UserHasLocationRefPermission, + ) + + def get_queryset(self): + """Get authorized URLs using Endpoint authorization logic.""" + return get_authorized_location_product_reference(Permissions.Location_View).filter(location__location_type=URL.LOCATION_TYPE).distinct() + + @extend_schema( + request=serializers.ReportGenerateOptionSerializer, + responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, + ) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated], + ) + def generate_report(self, request, pk=None): + endpoint = self.get_object() + + options = {} + # prepare post data + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data, + ) + if report_options.is_valid(): + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] + else: + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST, + ) + + data = report_generate(request, endpoint, options) + report = serializers.ReportGenerateSerializer(data) + return Response(report.data) + + +########## +# Endpoint_Status-compatibility +########## + +class V3EndpointStatusCompatibleFilterSet(FilterSet): + + """Endpoint_Status-compatible FilterSet.""" + + mitigated = BooleanFilter(method="filter_mitigated") + false_positive = BooleanFilter(method="filter_false_positive") + out_of_scope = BooleanFilter(method="filter_out_of_scope") + risk_accepted = BooleanFilter(method="filter_risk_accepted") + + mitigated_by = CharFilter(method="filter_mitigated_by") + + finding = NumberFilter(field_name="finding", lookup_expr="exact") + endpoint = NumberFilter(method="filter_endpoint") + + def filter_mitigated(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.Mitigated) + return queryset.exclude(status=FindingLocationStatus.Mitigated) + + def filter_false_positive(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.FalsePositive) + return queryset.exclude(status=FindingLocationStatus.FalsePositive) + + def filter_out_of_scope(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.OutOfScope) + return queryset.exclude(status=FindingLocationStatus.OutOfScope) + + def filter_risk_accepted(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.RiskAccepted) + return queryset.exclude(status=FindingLocationStatus.RiskAccepted) + + def filter_mitigated_by(self, queryset, name, value): + return queryset.filter(status=FindingLocationStatus.Mitigated, auditor__iexact=value) + + def filter_endpoint(self, queryset, name, value): + return queryset.filter(location__products__id=value) + + class Meta: + model = LocationFindingReference + fields = ["mitigated", "false_positive", "out_of_scope", "risk_accepted", "mitigated_by", "finding", "endpoint"] + + +class V3EndpointStatusCompatibleSerializer(ModelSerializer): + + """Serializes a LocationFindingReference model to something that looks like an Endpoint_Status.""" + + date = SerializerMethodField() + last_modified = DateTimeField(source="updated") + + mitigated = SerializerMethodField() + mitigated_time = SerializerMethodField() + mitigated_by = SerializerMethodField() + false_positive = SerializerMethodField() + out_of_scope = SerializerMethodField() + risk_accepted = SerializerMethodField() + + endpoint = SerializerMethodField() + location_id = IntegerField(source="location.id") + + def get_date(self, obj) -> datetime.date | None: + return obj.created.date() if obj.created else None + + def get_mitigated(self, obj) -> bool | None: + return obj.created.date() if obj.created else None + + def get_mitigated_time(self, obj) -> datetime.datetime | None: + return obj.audit_time if self.get_mitigated(obj) else None + + def get_mitigated_by(self, obj) -> int | None: + return obj.auditor.id if self.get_mitigated(obj) and obj.auditor else None + + def get_false_positive(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.FalsePositive + + def get_out_of_scope(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.OutOfScope + + def get_risk_accepted(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.RiskAccepted + + def get_endpoint(self, obj) -> int | None: + product_ref = LocationProductReference.objects.filter( + location=obj.location, + product=obj.finding.test.engagement.product, + ).first() + return product_ref.location.id if product_ref else None + + class Meta: + model = LocationFindingReference + exclude = ("location",) + + +class V3EndpointStatusCompatibleViewSet(PrefetchListMixin, PrefetchRetrieveMixin, ReadOnlyModelViewSet): + + """Read-only ViewSet for LocationFindingReferences that behaves similar to EndpointViewSet for reads.""" + + serializer_class = V3EndpointStatusCompatibleSerializer + queryset = LocationFindingReference.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = V3EndpointStatusCompatibleFilterSet + + permission_classes = ( + IsAuthenticated, + V2WritesDisabled, + UserHasLocationRefPermission, + ) + + def get_queryset(self): + """Get authorized URLs using Endpoint authorization logic.""" + return get_authorized_location_finding_reference(Permissions.Location_View).filter(location__location_type=URL.LOCATION_TYPE).distinct() diff --git a/dojo/location/api/filters.py b/dojo/location/api/filters.py new file mode 100644 index 00000000000..9cab6c21bfd --- /dev/null +++ b/dojo/location/api/filters.py @@ -0,0 +1,87 @@ +from __future__ import annotations + +from django_filters import NumberFilter + +from dojo.api_helpers.filters import CommonFilters, StaticMethodFilters +from dojo.location.status import FindingLocationStatus, ProductLocationStatus + + +class AbstractedLocationFilter(StaticMethodFilters): + StaticMethodFilters.create_integer_filters("id", "ID", locals()) + StaticMethodFilters.create_char_filters("location__tags__name", "Tags", locals()) + StaticMethodFilters.create_char_filters("location__created_at", "Created At", locals()) + StaticMethodFilters.create_char_filters("location__updated_at", "Updated At", locals()) + StaticMethodFilters.create_integer_filters("location__products__product", "Product ID", locals()) + StaticMethodFilters.create_integer_filters("location__findings__finding", "Finding ID", locals()) + + product = NumberFilter( + field_name="location__products__product", + lookup_expr="exact", + help_text="Product ID: Equals", + ) + + +class LocationFilter(CommonFilters): + + """Conglomerate of all Location filters.""" + + # ordering (the order of the fields is enforced) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_char_filters("tags__name", "Tags", locals()) + CommonFilters.create_integer_filters("products__product", "Product ID", locals()) + CommonFilters.create_integer_filters("findings__finding", "Finding ID", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "created_at", + "updated_at", + ), + ) + + +class LocationProductReferenceFilter(CommonFilters): + CommonFilters.create_integer_filters("location", "Location", locals()) + CommonFilters.create_integer_filters("product", "Product", locals()) + CommonFilters.create_char_filters("product__name", "Product Name", locals()) + CommonFilters.create_choice_filters("status", "Status", ProductLocationStatus.choices, locals()) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "product", + "product__name", + "status", + "created_at", + "updated_at", + ), + ) + + +class LocationFindingReferenceFilter(CommonFilters): + CommonFilters.create_integer_filters("location", "Location", locals()) + CommonFilters.create_integer_filters("finding", "Finding", locals()) + CommonFilters.create_char_filters("finding__severity", "Finding Severity", locals()) + CommonFilters.create_choice_filters("status", "Status", FindingLocationStatus.choices, locals()) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "finding", + "finding__severity", + "status", + "created_at", + "updated_at", + ), + ) diff --git a/dojo/location/api/permissions.py b/dojo/location/api/permissions.py new file mode 100644 index 00000000000..0dd41b33aa4 --- /dev/null +++ b/dojo/location/api/permissions.py @@ -0,0 +1,46 @@ +from rest_framework.permissions import BasePermission + +from dojo.api_v2.permissions import check_object_permission, check_post_permission +from dojo.authorization.roles_permissions import Permissions +from dojo.models import ( + Finding, + Product, +) + + +class LocationFindingReferencePermission(BasePermission): + def has_permission(self, request, view): + return check_post_permission( + request, + Finding, + "finding", + Permissions.Finding_Edit, + ) + + def has_object_permission(self, request, view, obj): + return check_object_permission( + request, + obj.finding, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + ) + + +class LocationProductReferencePermission(BasePermission): + def has_permission(self, request, view): + return check_post_permission( + request, + Product, + "product", + Permissions.Product_Edit, + ) + + def has_object_permission(self, request, view, obj): + return check_object_permission( + request, + obj.product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) diff --git a/dojo/location/api/serializers.py b/dojo/location/api/serializers.py new file mode 100644 index 00000000000..5051f5454a1 --- /dev/null +++ b/dojo/location/api/serializers.py @@ -0,0 +1,77 @@ +from __future__ import annotations + +from rest_framework.serializers import CharField + +from dojo.api_helpers.serializers import BaseModelSerializer +from dojo.api_v2.serializers import TagListSerializerField +from dojo.location.models import ( + AbstractLocation, + Location, + LocationFindingReference, + LocationProductReference, +) + + +class AbstractedLocationSerializer(BaseModelSerializer): + string = CharField(source="location.location_value", read_only=True) + type = CharField(source="location.location_type", read_only=True) + tags = TagListSerializerField(source="location.tags", required=False) + + def update(self, instance: AbstractLocation, validated_data): + tags = validated_data.pop("location", {}).pop("tags", None) + instance = super().update(instance, validated_data) + if tags is not None: + instance.location.tags.set(tags) + return instance + + def create(self, validated_data): + tags = validated_data.pop("location", {}).pop("tags", None) + instance = super().create(validated_data) + if tags is not None: + instance.location.tags.set(tags) + return instance + + +class LocationSerializer(BaseModelSerializer): + + """Serializer for the Location model with serializers for the related objects.""" + + tags = TagListSerializerField(required=False) + inherited_tags = TagListSerializerField(required=False) + + class Meta: + + """Meta class for the Location model.""" + + model = Location + fields = "__all__" + + +class LocationFindingReferenceSerializer(BaseModelSerializer): + + """Serializer for the LocationFindingReference model with serializers for the related objects.""" + + location_type = CharField(read_only=True) + location_value = CharField(read_only=True) + + class Meta: + + """Meta class for the LocationFindingReferenceSerializer model.""" + + model = LocationFindingReference + fields = "__all__" + + +class LocationProductReferenceSerializer(BaseModelSerializer): + + """Serializer for the LocationProductReference model with serializers for the related objects.""" + + location_type = CharField(read_only=True) + location_value = CharField(read_only=True) + + class Meta: + + """Meta class for the LocationProductReference model.""" + + model = LocationProductReference + fields = "__all__" diff --git a/dojo/location/api/urls.py b/dojo/location/api/urls.py new file mode 100644 index 00000000000..25494552c76 --- /dev/null +++ b/dojo/location/api/urls.py @@ -0,0 +1,9 @@ +from dojo.location.api import finding_path, path, product_path +from dojo.location.api.views import LocationFindingReferenceViewSet, LocationProductReferenceViewSet, LocationViewSet + + +def add_locations_urls(router): + router.register(path, LocationViewSet, path) + router.register(finding_path, LocationFindingReferenceViewSet, finding_path) + router.register(product_path, LocationProductReferenceViewSet, product_path) + return router diff --git a/dojo/location/api/views.py b/dojo/location/api/views.py new file mode 100644 index 00000000000..9eb276bc6b3 --- /dev/null +++ b/dojo/location/api/views.py @@ -0,0 +1,82 @@ +from django.db.models import QuerySet +from django_filters.rest_framework import DjangoFilterBackend +from rest_framework.permissions import DjangoModelPermissions, IsAuthenticated +from rest_framework.viewsets import ReadOnlyModelViewSet + +from dojo.api_v2.permissions import IsSuperUser +from dojo.api_v2.views import PrefetchDojoModelViewSet +from dojo.authorization.roles_permissions import Permissions +from dojo.location.api.filters import ( + LocationFilter, + LocationFindingReferenceFilter, + LocationProductReferenceFilter, +) +from dojo.location.api.permissions import ( + LocationFindingReferencePermission, + LocationProductReferencePermission, +) +from dojo.location.api.serializers import ( + LocationFindingReferenceSerializer, + LocationProductReferenceSerializer, + LocationSerializer, +) +from dojo.location.models import ( + Location, + LocationFindingReference, + LocationProductReference, +) +from dojo.location.queries import ( + get_authorized_location_finding_reference, + get_authorized_location_product_reference, +) + + +class LocationViewSet(ReadOnlyModelViewSet): + + """A simple ViewSet for viewing and editing Locations.""" + + serializer_class = LocationSerializer + queryset = Location.objects.none() + filterset_class = LocationFilter + filter_backends = [DjangoFilterBackend] + permission_classes = (IsSuperUser, DjangoModelPermissions) + + def get_queryset(self) -> QuerySet[Location]: + """Return the queryset of Locations.""" + return Location.objects.order_by_id() + + +class LocationFindingReferenceViewSet(PrefetchDojoModelViewSet): + + """A simple ViewSet for viewing and editing LocationFindingReference.""" + + serializer_class = LocationFindingReferenceSerializer + queryset = LocationFindingReference.objects.none() + filterset_class = LocationFindingReferenceFilter + filter_backends = [DjangoFilterBackend] + permission_classes = [ + IsAuthenticated, + LocationFindingReferencePermission, + ] + + def get_queryset(self) -> QuerySet[LocationFindingReference]: + """Return the queryset of LocationFindingReferences.""" + return get_authorized_location_finding_reference(Permissions.Location_View) + + +class LocationProductReferenceViewSet(PrefetchDojoModelViewSet): + + """A simple ViewSet for viewing and editing LocationProductReference.""" + + serializer_class = LocationProductReferenceSerializer + queryset = LocationProductReference.objects.none() + filterset_class = LocationProductReferenceFilter + filter_backends = [DjangoFilterBackend] + permission_classes = [ + IsAuthenticated, + LocationProductReferencePermission, + ] + + def get_queryset(self) -> QuerySet[LocationProductReference]: + """Return the queryset of LocationProductReferences.""" + return get_authorized_location_product_reference(Permissions.Location_View) diff --git a/dojo/location/manager.py b/dojo/location/manager.py new file mode 100644 index 00000000000..e4aaa13ef37 --- /dev/null +++ b/dojo/location/manager.py @@ -0,0 +1,61 @@ + +from django.db.models import CharField, F, Value +from django.db.models.functions import Coalesce + +from dojo.base_models.base import BaseManager, BaseQuerySet + + +class LocationQueryset(BaseQuerySet): + + """Location Queryset to add chainable queries.""" + + +class LocationManager(BaseManager): + + """Location manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationQueryset + + +class LocationProductReferenceQueryset(BaseQuerySet): + + """LocationProductReference Queryset to add chainable queries.""" + + def with_location_annotations(self): + """ + Annotate char fields from the nullable foreign key `location`. + Falls back to '' if the relation is NULL. + """ + return self.annotate( + location_type=Coalesce(F("location__location_type"), Value("", output_field=CharField())), + location_value=Coalesce(F("location__location_value"), Value("", output_field=CharField())), + ) + + +class LocationProductReferenceManager(BaseManager): + + """LocationProductReference manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationProductReferenceQueryset + + +class LocationFindingReferenceQueryset(BaseQuerySet): + + """LocationFindingReference Queryset to add chainable queries.""" + + def with_location_annotations(self): + """ + Annotate char fields from the nullable foreign key `location`. + Falls back to '' if the relation is NULL. + """ + return self.annotate( + location_type=Coalesce(F("location__location_type"), Value("", output_field=CharField())), + location_value=Coalesce(F("location__location_value"), Value("", output_field=CharField())), + ) + + +class LocationFindingReferenceManager(BaseManager): + + """LocationFindingReference manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationFindingReferenceQueryset diff --git a/dojo/location/models.py b/dojo/location/models.py new file mode 100644 index 00000000000..7b39c1c0a26 --- /dev/null +++ b/dojo/location/models.py @@ -0,0 +1,363 @@ +from __future__ import annotations + +from typing import TYPE_CHECKING, Self + +from auditlog.registry import auditlog +from django.db import transaction +from django.db.models import ( + CASCADE, + RESTRICT, + CharField, + DateTimeField, + ForeignKey, + Index, + OneToOneField, + Q, + QuerySet, + UniqueConstraint, +) +from django.utils.translation import gettext_lazy as _ +from tagulous.models import TagField + +from dojo.base_models.base import BaseModel, BaseModelWithoutTimeMeta +from dojo.base_models.validators import validate_not_empty +from dojo.location.manager import ( + LocationFindingReferenceManager, + LocationFindingReferenceQueryset, + LocationManager, + LocationProductReferenceManager, + LocationProductReferenceQueryset, + LocationQueryset, +) +from dojo.location.status import FindingLocationStatus, ProductLocationStatus +from dojo.models import Dojo_User, Finding, Product, _manage_inherited_tags, copy_model_util +from dojo.settings import settings + +if TYPE_CHECKING: + from datetime import datetime + + +class Location(BaseModel): + + """Internal metadata for a location. Managed automatically by subclasses.""" + + location_type = CharField( + verbose_name=_("Location type"), + max_length=12, + null=False, + blank=False, + editable=False, + validators=[validate_not_empty], + help_text=_("The type of location that is stored. This field is automatically managed"), + ) + location_value = CharField( + verbose_name=_("Location Value"), + max_length=2048, + null=False, + blank=False, + editable=False, + validators=[validate_not_empty], + help_text=_("The string representation of a given location. This field is automatically managed"), + ) + tags = TagField( + verbose_name=_("Tags"), + blank=True, + force_lowercase=True, + related_name="location_tags", + help_text=_("A tag that can be used to differentiate a Location"), + ) + inherited_tags = TagField( + blank=True, + force_lowercase=True, + help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field"), + ) + + objects = LocationManager().from_queryset(LocationQueryset)() + + def __str__(self): + return self.location_value + + def status_from_finding(self, finding: Finding) -> str: + """Determine the status the reference should carry based on the status of the finding""" + # Set the default status to Active to be on the safe side + status = FindingLocationStatus.Active + # First determine the status based on the finding status + finding_status = finding.status() + if any(f_status in finding_status for f_status in ["Mitigated", "Inactive", "Duplicate"]): + status = FindingLocationStatus.Mitigated + elif "False Positive" in finding_status: + status = FindingLocationStatus.FalsePositive + elif "Risk Accepted" in finding_status: + status = FindingLocationStatus.RiskAccepted + return status + + def status_from_product(self, product: Product) -> str: + """Determine the status the reference should carry based on the status of the product""" + # Set the default status to non vulnerable by default + status = ProductLocationStatus.Mitigated + # First determine the status based on the number of findings present + if self.findings.filter( + finding__test__engagement__product=product, + status=FindingLocationStatus.Active, + ).exists(): + status = ProductLocationStatus.Active + return status + + def associate_with_finding( + self, + finding: Finding, + status: FindingLocationStatus | None = None, + auditor: Dojo_User | None = None, + audit_time: datetime | None = None, + ) -> LocationFindingReference: + """ + Get or create a LocationFindingReference for this location and finding, + updating the status each time. Also associates the related product. + """ + # Determine the status + if status is None: + status = self.status_from_finding(finding) + # Setup some context aware updated fields + context_fields = {"status": status} + # Check for an auditor + if auditor is not None: + context_fields["auditor"] = auditor + # Check for an audit timestamp + if audit_time is not None: + context_fields["audit_time"] = audit_time + # Determine if we need to update + # Ensure atomicity to prevent race conditions + with transaction.atomic(): + # Associate the finding with the location + reference = LocationFindingReference.objects.update_or_create( + location=self, + finding=finding, + defaults=context_fields, + )[0] + # Now associate the product for this finding (already uses update_or_create) + self.associate_with_product(finding.test.engagement.product) + + return reference + + def associate_with_product( + self, + product: Product, + status: ProductLocationStatus | None = None, + ) -> LocationProductReference: + """ + Get or create a LocationProductReference for this location and product, + updating the status each time. + """ + if status is None: + status = self.status_from_product(product) + # Use a transaction for safety in concurrent scenarios + with transaction.atomic(): + return LocationProductReference.objects.update_or_create( + location=self, + product=product, + defaults={"status": status}, + )[0] + + def disassociate_from_finding( + self, + finding: Finding, + ) -> None: + with transaction.atomic(): + LocationFindingReference.objects.filter( + location=self, + finding=finding, + ).delete() + + def disassociate_from_product( + self, + product: Product, + ) -> None: + with transaction.atomic(): + LocationProductReference.objects.filter( + location=self, + product=product, + ).delete() + + @property + def active_annotated_findings(self): + """ + This is a hack used exclusively to generate endpoint reports where findings + are fetched from the findings rather than the findings being fetched directly. + """ + # If we prefetched refs, expose the actual Finding objects + if hasattr(self, "_active_annotated_findings"): + return [ref.finding for ref in self._active_annotated_findings] + return [] + + def all_related_products(self) -> QuerySet[Product]: + return Product.objects.filter( + Q(locations__location=self) + | Q(engagement__test__finding__locations__location=self), + ).distinct() + + def products_to_inherit_tags_from(self) -> list[Product]: + from dojo.utils import get_system_setting # noqa: PLC0415 + system_wide_inherit = get_system_setting("enable_product_tag_inheritance") + return [ + product for product + in self.all_related_products() + if product.enable_product_tag_inheritance or system_wide_inherit + ] + + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for product in self.products_to_inherit_tags_from() for tag in product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + + class Meta: + verbose_name = "Locations - Location" + verbose_name_plural = "Locations - Locations" + indexes = [ + Index(fields=["location_type"]), + Index(fields=["location_value"]), + ] + + +class AbstractLocation(BaseModelWithoutTimeMeta): + location = OneToOneField( + Location, + on_delete=CASCADE, + editable=False, + null=False, + related_name="%(class)s", + ) + + class Meta: + abstract = True + + @classmethod + def get_location_type(cls) -> str: + """Return the type of location (e.g., 'url').""" + msg = "Subclasses must implement get_location_type" + raise NotImplementedError(msg) + + def get_location_value(self) -> str: + """Return the string representation of this location.""" + msg = "Subclasses must implement get_location_value" + raise NotImplementedError(msg) + + @staticmethod + def create_location_from_value(value: str) -> Self: + """ + Dynamically create a Location and subclass instance based on location_type + and location_value. Uses parse_string_value from the correct subclass. + """ + msg = "Subclasses must implement create_location_from_value" + raise NotImplementedError(msg) + + def pre_save_logic(self): + """Automatically create or update the associated Location.""" + location_value = self.get_location_value() + location_type = self.get_location_type() + + if not hasattr(self, "location"): + self.location = Location.objects.create( + location_type=location_type, + location_value=location_value, + ) + else: + self.location.location_type = location_type + self.location.location_value = location_value + self.location.save(update_fields=["location_type", "location_value"]) + + +class LocationFindingReference(BaseModel): + + """Manually managed One-2-Many field to represent the relationship of a finding and a location.""" + + location = ForeignKey(Location, on_delete=CASCADE, related_name="findings") + finding = ForeignKey(Finding, on_delete=CASCADE, related_name="locations") + auditor = ForeignKey(Dojo_User, editable=True, null=True, blank=True, on_delete=RESTRICT, help_text=_("The user who audited the location")) + audit_time = DateTimeField(editable=False, null=True, blank=True, help_text=_("The time when the audit was performed")) + status = CharField( + verbose_name=_("Status"), + choices=FindingLocationStatus.choices, + max_length=16, + null=False, + blank=False, + default=FindingLocationStatus.Active, + editable=True, + validators=[validate_not_empty], + help_text=_("The status of the the given Location"), + ) + + objects = LocationFindingReferenceManager().from_queryset(LocationFindingReferenceQueryset)() + + def __str__(self) -> str: + """Return the string representation of a LocationProductReference.""" + return f"{self.location} - Finding: {self.finding} ({self.status})" + + def copy(self, finding) -> Self: + copy = copy_model_util(self) + copy.finding = finding + copy.location = self.location + copy.save() + return copy + + def set_status(self, status: FindingLocationStatus, auditor: Dojo_User, audit_time: datetime) -> None: + self.status = status + self.auditor = auditor + self.audit_time = audit_time + self.save() + + class Meta: + verbose_name = "Locations - FindingReference" + verbose_name_plural = "Locations - FindingReferences" + constraints = [ + UniqueConstraint( + fields=["location", "finding"], + name="unique_location_and_finding", + ), + ] + indexes = [ + Index(fields=["location"]), + Index(fields=["finding"]), + ] + + +class LocationProductReference(BaseModel): + + """Manually managed One-2-Many field to represent the relationship of a product and a location.""" + + location = ForeignKey(Location, on_delete=CASCADE, related_name="products") + product = ForeignKey(Product, on_delete=CASCADE, related_name="locations") + status = CharField( + verbose_name=_("Status"), + choices=ProductLocationStatus.choices, + max_length=16, + null=False, + blank=False, + default=ProductLocationStatus.Mitigated, + editable=True, + validators=[validate_not_empty], + help_text=_("The status of the the given Location"), + ) + + objects = LocationProductReferenceManager().from_queryset(LocationProductReferenceQueryset)() + + def __str__(self) -> str: + """Return the string representation of a LocationProductReference.""" + return f"{self.location} - Product: {self.product} ({self.status})" + + class Meta: + verbose_name = "Locations - ProductReference" + verbose_name_plural = "Locations - ProductReferences" + constraints = [ + UniqueConstraint( + fields=["location", "product"], + name="unique_location_and_product", + ), + ] + indexes = [ + Index(fields=["location"]), + Index(fields=["product"]), + ] + + +if settings.ENABLE_AUDITLOG: + auditlog.register(Location) diff --git a/dojo/location/queries.py b/dojo/location/queries.py new file mode 100644 index 00000000000..fae2a5b9ad8 --- /dev/null +++ b/dojo/location/queries.py @@ -0,0 +1,226 @@ +import logging + +from crum import get_current_user +from django.db.models import ( + Case, + CharField, + Count, + Exists, + F, + IntegerField, + OuterRef, + Q, + QuerySet, + Subquery, + Value, + When, +) +from django.db.models.functions import Coalesce + +from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission +from dojo.location.models import Location, LocationFindingReference, LocationProductReference +from dojo.location.status import FindingLocationStatus, ProductLocationStatus +from dojo.models import ( + Finding, + Product_Group, + Product_Member, + Product_Type_Group, + Product_Type_Member, +) +from dojo.query_utils import build_count_subquery + +logger = logging.getLogger(__name__) + + +def get_authorized_locations(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return Location.objects.none() + + locations = Location.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return locations + + if user_has_global_permission(user, permission): + return locations + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("products__product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("products__product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("products__product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("products__product_id"), + group__users=user, + role__in=roles) + locations = locations.annotate( + product__prod_type__member=Exists(authorized_product_type_roles), + product__member=Exists(authorized_product_roles), + product__prod_type__authorized_group=Exists(authorized_product_type_groups), + product__authorized_group=Exists(authorized_product_groups)) + return locations.filter( + Q(product__prod_type__member=True) | Q(product__member=True) + | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + + +def get_authorized_location_finding_reference(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return LocationFindingReference.objects.none() + + location_finding_reference = LocationFindingReference.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return location_finding_reference + + if user_has_global_permission(user, permission): + return location_finding_reference + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("location__products__product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("location__products__product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("location__products__product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("location__products__product_id"), + group__users=user, + role__in=roles) + location_finding_reference = location_finding_reference.annotate( + location__product__prod_type__member=Exists(authorized_product_type_roles), + location__product__member=Exists(authorized_product_roles), + location__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + location__product__authorized_group=Exists(authorized_product_groups)) + return location_finding_reference.filter( + Q(location__product__prod_type__member=True) | Q(location__product__member=True) + | Q(location__product__prod_type__authorized_group=True) | Q(location__product__authorized_group=True)) + + +def get_authorized_location_product_reference(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return LocationProductReference.objects.none() + + location_product_reference = LocationProductReference.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return location_product_reference + + if user_has_global_permission(user, permission): + return location_product_reference + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("product_id"), + group__users=user, + role__in=roles) + location_product_reference = location_product_reference.annotate( + location__product__prod_type__member=Exists(authorized_product_type_roles), + location__product__member=Exists(authorized_product_roles), + location__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + location__product__authorized_group=Exists(authorized_product_groups)) + return location_product_reference.filter( + Q(location__product__prod_type__member=True) | Q(location__product__member=True) + | Q(location__product__prod_type__authorized_group=True) | Q(location__product__authorized_group=True)) + + +def annotate_location_counts_and_status(locations): + # Annotate the queryset with counts of findings + # This aggregates the total and active findings by joining LocationFindingReference. + finding_counts = ( + LocationFindingReference.objects.prefetch_related("location") + .filter(location=OuterRef("id")) + .values("location") + .annotate( + total_findings=Count("finding_id", distinct=True), + active_findings=Count( + "finding_id", + filter=Q(status=FindingLocationStatus.Active), + distinct=True, + ), + ) + .order_by("location") + ) + # Annotate the queryset with counts of products + # This aggregates the total and active products by joining LocationProductReference. + product_counts = ( + LocationProductReference.objects.prefetch_related("location") + .filter(location=OuterRef("id")) + .values("location") + .annotate( + total_products=Count("product_id", distinct=True), + active_products=Count( + "product_id", + filter=Q(status=ProductLocationStatus.Active), + distinct=True, + ), + ) + .order_by("location") + ) + # Annotate each Location with findings counts, products counts, and overall status. + return locations.prefetch_related("url").annotate( + total_findings=Coalesce(Subquery(finding_counts.values("total_findings")[:1]), Value(0), output_field=IntegerField()), + active_findings=Coalesce(Subquery(finding_counts.values("active_findings")[:1]), Value(0), output_field=IntegerField()), + total_products=Coalesce(Subquery(product_counts.values("total_products")[:1]), Value(0), output_field=IntegerField()), + active_products=Coalesce(Subquery(product_counts.values("active_products")[:1]), Value(0), output_field=IntegerField()), + mitigated_findings=F("total_findings") - F("active_findings"), + overall_status=Case( + When( + Q(active_products__gt=0) | Q(active_findings__gt=0), + then=Value(ProductLocationStatus.Active), + ), + default=Value(ProductLocationStatus.Mitigated), + output_field=CharField(), + ), + ) + + +def prefetch_for_locations(locations): + if isinstance(locations, QuerySet): + locations = locations.prefetch_related("tags") + active_finding_subquery = build_count_subquery( + Finding.objects.filter(locations=OuterRef("pk"), active=True), + group_field="locations", + ) + locations = locations.annotate(active_finding_count=Coalesce(active_finding_subquery, Value(0))) + else: + logger.debug("unable to prefetch because query was already executed") + + return locations diff --git a/dojo/location/status.py b/dojo/location/status.py new file mode 100644 index 00000000000..18ccd602df1 --- /dev/null +++ b/dojo/location/status.py @@ -0,0 +1,25 @@ +from __future__ import annotations + +from django.db.models import ( + TextChoices, +) +from django.utils.translation import gettext_lazy as _ + + +class FindingLocationStatus(TextChoices): + + """Types of supported Location Statuses.""" + + Active = "Active", _("Active") + Mitigated = "Mitigated", _("Mitigated") + FalsePositive = "FalsePositive", _("False Positive") + RiskAccepted = "RiskAccepted", _("Risk Accepted") + OutOfScope = "OutOfScope", _("Out Of Scope") + + +class ProductLocationStatus(TextChoices): + + """Types of supported Location Statuses.""" + + Active = "Active", _("Active") + Mitigated = "Mitigated", _("Mitigated") diff --git a/dojo/location/utils.py b/dojo/location/utils.py new file mode 100644 index 00000000000..5cf3df25d1e --- /dev/null +++ b/dojo/location/utils.py @@ -0,0 +1,86 @@ +import logging + +from django.core.exceptions import ValidationError +from django.db.models import Q + +from dojo.location.models import AbstractLocation +from dojo.url.models import URL +from dojo.url.validators import DEFAULT_PORTS + +logger = logging.getLogger(__name__) + + +def save_location(unsaved_location: AbstractLocation) -> AbstractLocation: + # Only support URLs at this time + if isinstance(unsaved_location, URL): + return URL.get_or_create_from_object(unsaved_location) + error_message = f"Unsupported location type {type(unsaved_location)}" + raise ValidationError(error_message) + + +def save_locations_to_add(locations_to_add: list[AbstractLocation]) -> list[AbstractLocation]: + return [save_location(unsaved_location) for unsaved_location in locations_to_add] + + +def validate_locations_to_add(locations_to_add: str) -> tuple[list[AbstractLocation], list[ValidationError]]: + errors = [] + locations = [] + location_strings = locations_to_add.split() + # For now, we only support URL location types + for location_string in location_strings: + try: + locations.append(URL.from_value(location_string)) + except ValidationError as ves: + errors.extend(ValidationError(f"Invalid location {location_string}: {ve}") for ve in ves) + + return locations, errors + + +# This code blatantly rips off dojo.endpoint.utils.endpoint_filter() +def url_filter(**kwargs): + qs = URL.objects.all() + + qs = qs.filter(protocol__iexact=kwargs["protocol"]) if kwargs.get("protocol") else qs.filter(protocol="") + + qs = qs.filter(user_info__exact=kwargs["user_info"]) if kwargs.get("user_info") else qs.filter(user_info="") + + qs = qs.filter(host__iexact=kwargs["host"]) if kwargs.get("host") else qs.filter(host="") + + if kwargs.get("port"): + if (kwargs.get("protocol")) and \ + (kwargs["protocol"].lower() in DEFAULT_PORTS) and \ + (DEFAULT_PORTS[kwargs["protocol"].lower()] == kwargs["port"]): + qs = qs.filter(Q(port__isnull=True) | Q(port__exact=DEFAULT_PORTS[kwargs["protocol"].lower()])) + else: + qs = qs.filter(port__exact=kwargs["port"]) + elif (kwargs.get("protocol")) and (kwargs["protocol"].lower() in DEFAULT_PORTS): + qs = qs.filter(Q(port__isnull=True) | Q(port__exact=DEFAULT_PORTS[kwargs["protocol"].lower()])) + else: + qs = qs.filter(port__isnull=True) + + qs = qs.filter(path__exact=kwargs["path"]) if kwargs.get("path") else qs.filter(path="") + + qs = qs.filter(query__exact=kwargs["query"]) if kwargs.get("query") else qs.filter(query="") + + return qs.filter(fragment__exact=kwargs["fragment"]) if kwargs.get("fragment") else qs.filter(fragment="") + + +# This code blatantly rips off dojo.endpoint.utils.endpoint_get_or_create() +def url_get_or_create(**kwargs): + # This code looks a bit ugly/complicated. + # But this method is called so frequently that we need to optimize it. + # It executes at most one SELECT and one optional INSERT. + qs = url_filter(**kwargs) + # Fetch up to two matches in a single round-trip. This covers + # the common cases efficiently: zero (create) or one (reuse). + matches = list(qs.order_by("id")[:2]) + if not matches: + # Most common case: nothing exists yet + return URL.get_or_create_from_values(**kwargs), True + if len(matches) == 1: + # Common case: exactly one existing URL + return matches[0], False + # Get the oldest URL first, and return that instead + # a datetime is not captured on the URL model, so ID + # will have to work here instead + return matches[0], False diff --git a/dojo/management/commands/dedupe.py b/dojo/management/commands/dedupe.py index 913c528f299..a4cbee519a6 100644 --- a/dojo/management/commands/dedupe.py +++ b/dojo/management/commands/dedupe.py @@ -89,16 +89,29 @@ def _run_dedupe(self, *, restrict_to_parsers, hash_code_only, dedupe_only, dedup findings = Finding.objects.all().filter(id__gt=0).exclude(duplicate=True) logger.info("######## Will process the full database with %d findings ########", findings.count()) - # Prefetch related objects for synchronous deduplication - findings = findings.select_related( - "test", "test__engagement", "test__engagement__product", "test__test_type", - ).prefetch_related( - "endpoints", - Prefetch( - "original_finding", - queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), - ), - ) + if settings.V3_FEATURE_LOCATIONS: + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "locations", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) + else: + # TODO: Delete this after the move to Locations + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "endpoints", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) # Phase 1: update hash_codes without deduplicating if not dedupe_only: diff --git a/dojo/management/commands/migrate_endpoints_to_locations.py b/dojo/management/commands/migrate_endpoints_to_locations.py new file mode 100644 index 00000000000..d30fa121d3b --- /dev/null +++ b/dojo/management/commands/migrate_endpoints_to_locations.py @@ -0,0 +1,97 @@ +import datetime +import logging + +from django.core.management.base import BaseCommand +from django.utils import timezone + +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.models import DojoMeta, Endpoint, Endpoint_Status +from dojo.url.models import URL + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + + """ + This management command creates a mapping from Endpoints and Endpoint Statuses to a new Locations system. + The following occurs: + - Endpoints -> URL (which will create a Location) + - Products on Endpoint -> LocationProductReference + - Findings on Endpoints -> LocationProductReference + """ + + help = "Usage: manage.py migrate_endpoints_to_locations" + + def _endpoint_to_url(self, endpoint: Endpoint) -> Location: + # Create the raw URL object first + # This should create the location object as well + url = URL.get_or_create_from_values( + protocol=endpoint.protocol, + user_info=endpoint.userinfo, + host=endpoint.host, + port=endpoint.port, + path=endpoint.path, + query=endpoint.query, + fragment=endpoint.fragment, + ) + # Add the endpoint tags to the location tags + if endpoint.tags: + [url.location.tags.add(tag) for tag in set(endpoint.tags.values_list("name", flat=True))] + # Add any metadata from the endpoint to the location + for meta in endpoint.endpoint_meta.all(): + DojoMeta.objects.get_or_create( + name=meta.name, + value=meta.value, + location=url.location, + ) + + return url.location + + def _convert_endpoint_status_to_string_status(self, endpoint_status: Endpoint_Status) -> str: + """ + Start the conversion with the "special" statuses first since we are moving to a model + of having a single status possible rather than a combo of many + """ + if endpoint_status.risk_accepted: + return FindingLocationStatus.RiskAccepted + if endpoint_status.false_positive: + return FindingLocationStatus.FalsePositive + if endpoint_status.out_of_scope: + return FindingLocationStatus.OutOfScope + if endpoint_status.mitigated: + return FindingLocationStatus.Mitigated + # Default to Active + return FindingLocationStatus.Active + + def _associate_location_with_findings(self, endpoint: Endpoint, location: Location) -> None: + # Determine if we can associate from the finding, or if have to use the product (for cases of zero findings on an endpoint) + if endpoint.status_endpoint.exists(): + # Iterate over each endpoint status to get the status and the finding object + for endpoint_status in endpoint.status_endpoint.all(): + if finding := endpoint_status.finding: + # Determine the status of the location based on the status of the endpoint status + status = self._convert_endpoint_status_to_string_status(endpoint_status) + # Create the association (which will also associate with the product) + reference = location.associate_with_finding( + finding=finding, + status=status, + auditor=endpoint_status.mitigated_by, + audit_time=endpoint_status.mitigated_time or endpoint_status.last_modified, + ) + # Update the created date from the endpoint status date + reference.created = timezone.make_aware(datetime.datetime(endpoint_status.date.year, endpoint_status.date.month, endpoint_status.date.day)) + reference.save(update_fields=["created"]) + # If there are no findings, we can at least associate with the product if it exists + elif product := endpoint.product: + location.associate_with_product(product) + + def handle(self, *args, **options): + # Start off with the endpoint objects - it should everything we need + for endpoint in Endpoint.objects.all().iterator(): + # Get the URL object first + location = self._endpoint_to_url(endpoint) + # Associate the URL with the findings associated with the Findings + # the association to a finding will also apply to a product automatically + self._associate_location_with_findings(endpoint, location) diff --git a/dojo/metrics/utils.py b/dojo/metrics/utils.py index 7f931d5ad1f..ec73ff60762 100644 --- a/dojo/metrics/utils.py +++ b/dojo/metrics/utils.py @@ -169,6 +169,7 @@ def finding_queries( } +# TODO: Delete this after the move to Locations def endpoint_queries( prod_type: QuerySet[Product_Type], request: HttpRequest, @@ -184,7 +185,7 @@ def endpoint_queries( "finding__reporter", ) - endpoints_query = get_authorized_endpoint_status_for_queryset(Permissions.Endpoint_View, endpoints_query, request.user) + endpoints_query = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, endpoints_query, request.user) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = MetricsEndpointFilterWithoutObjectLookups if filter_string_matching else MetricsEndpointFilter endpoints = filter_class(request.GET, queryset=endpoints_query) @@ -230,8 +231,8 @@ def endpoint_queries( "finding__test__engagement__product", ) - endpoints_closed = get_authorized_endpoint_status_for_queryset(Permissions.Endpoint_View, endpoints_closed, request.user) - accepted_endpoints = get_authorized_endpoint_status_for_queryset(Permissions.Endpoint_View, accepted_endpoints, request.user) + endpoints_closed = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, endpoints_closed, request.user) + accepted_endpoints = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, accepted_endpoints, request.user) accepted_endpoints_counts = severity_count(accepted_endpoints, "aggregate", "finding__severity") weeks_between, months_between = period_deltas(start_date, end_date) diff --git a/dojo/metrics/views.py b/dojo/metrics/views.py index 88788660b1c..99c0aea617f 100644 --- a/dojo/metrics/views.py +++ b/dojo/metrics/views.py @@ -100,6 +100,7 @@ def metrics(request, mtype): if view == "Finding": page_name = str(labels.ORG_METRICS_BY_FINDINGS_LABEL) filters = finding_queries(prod_type, request) + # TODO: Delete this after the move to Locations elif view == "Endpoint": page_name = str(labels.ORG_METRICS_BY_ENDPOINTS_LABEL) filters = endpoint_queries(prod_type, request) diff --git a/dojo/models.py b/dojo/models.py index f610d47bd64..2281a2bfac8 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -1,4 +1,5 @@ import base64 +import contextlib import copy import hashlib import logging @@ -8,6 +9,7 @@ from datetime import datetime, timedelta from decimal import Decimal from pathlib import Path +from typing import TYPE_CHECKING from urllib.parse import urlparse from uuid import uuid4 @@ -44,8 +46,12 @@ from tagulous.models.managers import FakeTagRelatedManager from titlecase import titlecase +from dojo.base_models.base import BaseModel from dojo.validators import cvss3_validator, cvss4_validator +if TYPE_CHECKING: + from dojo.location.models import AbstractLocation + logger = logging.getLogger(__name__) deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") @@ -831,7 +837,7 @@ def clean(self): raise ValidationError(msg) -class Product_Type(models.Model): +class Product_Type(BaseModel): """ Product types represent the top level model, these can be business unit divisions, different offices or locations, development teams, or any other logical way of distinguishing "types" of products. @@ -847,8 +853,6 @@ class Product_Type(models.Model): description = models.CharField(max_length=4000, null=True, blank=True) critical_product = models.BooleanField(default=False) key_product = models.BooleanField(default=False) - updated = models.DateTimeField(auto_now=True, null=True) - created = models.DateTimeField(auto_now_add=True, null=True) members = models.ManyToManyField(Dojo_User, through="Product_Type_Member", related_name="prod_type_members", blank=True) authorization_groups = models.ManyToManyField(Dojo_Group, through="Product_Type_Group", related_name="product_type_groups", blank=True) @@ -955,11 +959,17 @@ class DojoMeta(models.Model): null=True, editable=False, related_name="finding_meta") + location = models.ForeignKey("Location", + on_delete=models.CASCADE, + null=True, + editable=False, + related_name="location_meta") class Meta: unique_together = (("product", "name"), ("endpoint", "name"), - ("finding", "name")) + ("finding", "name"), + ("location", "name")) def __str__(self): return f"{self.name}: {self.value}" @@ -971,7 +981,8 @@ def clean(self): ids = [self.product_id, self.endpoint_id, - self.finding_id] + self.finding_id, + self.location_id] ids_count = 0 for obj_id in ids: @@ -979,10 +990,10 @@ def clean(self): ids_count += 1 if ids_count == 0: - msg = "Metadata entries need either a product, an endpoint or a finding" + msg = "Metadata entries need either a product, endpoint, location or a finding" raise ValidationError(msg) if ids_count > 1: - msg = "Metadata entries may not have more than one relation, either a product, an endpoint either or a finding" + msg = "Metadata entries may not have more than one relation, either a product, endpoint, location or a finding" raise ValidationError(msg) @@ -1104,7 +1115,7 @@ def get_summary(self): return f"{self.name} - Critical: {self.critical}, High: {self.high}, Medium: {self.medium}, Low: {self.low}" -class Product(models.Model): +class Product(BaseModel): WEB_PLATFORM = "web" IOT = "iot" DESKTOP_PLATFORM = "desktop" @@ -1167,10 +1178,8 @@ class Product(models.Model): team_manager = models.ForeignKey(Dojo_User, null=True, blank=True, related_name="team_manager", on_delete=models.RESTRICT) - created = models.DateTimeField(auto_now_add=True, null=True) prod_type = models.ForeignKey(Product_Type, related_name="prod_type", null=False, blank=False, on_delete=models.CASCADE) - updated = models.DateTimeField(auto_now=True, null=True) sla_configuration = models.ForeignKey(SLA_Configuration, related_name="sla_config", null=False, @@ -1271,6 +1280,7 @@ def findings_active_verified_count(self): test__engagement__product=self).count() return self.active_verified_finding_count + # TODO: Delete this after the move to Locations @cached_property def endpoint_host_count(self): # active_endpoints is (should be) prefetched @@ -1284,6 +1294,7 @@ def endpoint_host_count(self): return len(hosts) + # TODO: Delete this after the move to Locations @cached_property def endpoint_count(self): # active_endpoints is (should be) prefetched @@ -1498,7 +1509,7 @@ def __str__(self): ("Waiting for Resource", "Waiting for Resource")) -class Engagement(models.Model): +class Engagement(BaseModel): name = models.CharField(max_length=300, null=True, blank=True) description = models.CharField(max_length=2000, null=True, blank=True) version = models.CharField(max_length=100, null=True, blank=True, help_text=_("Version of the product the engagement tested.")) @@ -1511,8 +1522,6 @@ class Engagement(models.Model): reason = models.CharField(max_length=2000, null=True, blank=True) report_type = models.ForeignKey(Report_Type, null=True, blank=True, on_delete=models.CASCADE) product = models.ForeignKey(Product, on_delete=models.CASCADE) - updated = models.DateTimeField(auto_now=True, null=True) - created = models.DateTimeField(auto_now_add=True, null=True) active = models.BooleanField(default=True, editable=False) tracker = models.URLField(max_length=200, help_text=_("Link to epic or ticket system with changes to version."), editable=True, blank=True, null=True) test_strategy = models.URLField(editable=True, blank=True, null=True) @@ -1522,7 +1531,7 @@ class Engagement(models.Model): check_list = models.BooleanField(default=True) notes = models.ManyToManyField(Notes, blank=True, editable=False) files = models.ManyToManyField(FileUpload, blank=True, editable=False) - status = models.CharField(editable=True, max_length=2000, default="", + status = models.CharField(editable=True, max_length=2000, default="Not Started", null=True, choices=ENGAGEMENT_STATUS_CHOICES) progress = models.CharField(max_length=100, @@ -1694,7 +1703,8 @@ class Meta: ] def __str__(self): - return f"'{self.finding}' on '{self.endpoint}'" + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + return f"'{self.finding}' on '{self.endpoint}'" def copy(self, finding=None): copy = copy_model_util(self) @@ -1755,6 +1765,12 @@ class Meta: ), ] + def __init__(self, *args, **kwargs): + if settings.V3_FEATURE_LOCATIONS and not getattr(self, "_allow_v3_init", False): + msg = "Endpoint model is deprecated when V3_FEATURE_LOCATIONS is enabled" + raise NotImplementedError(msg) + super().__init__(*args, **kwargs) + def __hash__(self): return self.__str__().__hash__() @@ -1826,6 +1842,21 @@ def __str__(self): def get_absolute_url(self): return reverse("view_endpoint", args=[str(self.id)]) + @classmethod + @contextlib.contextmanager + def allow_endpoint_init(cls): + # When migrating to Locations, Endpoints are not deleted (hooray backup!). Disallowing the initialization of + # Endpoints is a good way to catch where they might still be used (oops!). However, there are some circumstances + # -- object deletes -- where Django itself attempts to instantiate an Endpoint object. This, we need to allow: + # if a user wants to delete an object, including whatever Endpoints are attached to it, they should be able to. + # This context manager allows code to initialize Endpoints at our discretion. + old = getattr(cls, "_allow_v3_init", None) + cls._allow_v3_init = True + try: + yield + finally: + cls._allow_v3_init = old + def clean(self): errors = [] null_char_list = ["0x00", "\x00"] @@ -2339,7 +2370,7 @@ def __str__(self): return f"{self.finding.id}: {self.action}" -class Finding(models.Model): +class Finding(BaseModel): title = models.CharField(max_length=511, verbose_name=_("Title"), help_text=_("A short description of the flaw.")) @@ -2439,6 +2470,7 @@ class Finding(models.Model): blank=True, verbose_name=_("Severity Justification"), help_text=_("Text describing why a certain severity was associated with this flaw.")) + # TODO: Delete this after the move to Locations endpoints = models.ManyToManyField(Endpoint, blank=True, verbose_name=_("Endpoints"), @@ -2609,10 +2641,6 @@ class Finding(models.Model): dynamic_finding = models.BooleanField(default=True, verbose_name=_("Dynamic finding (DAST)"), help_text=_("Flaw has been detected from a Dynamic Application Security Testing tool (DAST).")) - created = models.DateTimeField(auto_now_add=True, - null=True, - verbose_name=_("Created"), - help_text=_("The date the finding was created inside DefectDojo.")) scanner_confidence = models.IntegerField(null=True, blank=True, default=None, @@ -2738,7 +2766,11 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.unsaved_endpoints = [] + if settings.V3_FEATURE_LOCATIONS: + self.unsaved_locations: list[AbstractLocation] = [] + else: + # TODO: Delete this after the move to Locations + self.unsaved_endpoints = [] self.unsaved_request = None self.unsaved_response = None self.unsaved_tags = None @@ -2799,7 +2831,14 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru self.set_hash_code(dedupe_option) if is_new_finding: - if (self.file_path is not None) and (len(self.unsaved_endpoints) == 0): + if settings.V3_FEATURE_LOCATIONS: + if (self.file_path is not None) and (len(self.unsaved_locations) == 0): + self.static_finding = True + self.dynamic_finding = False + elif (self.file_path is not None): + self.static_finding = True + # TODO: Delete this after the move to Locations + elif (self.file_path is not None) and (len(self.unsaved_endpoints) == 0): self.static_finding = True self.dynamic_finding = False elif (self.file_path is not None): @@ -2810,18 +2849,27 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru finding_helper.update_finding_status(self, user, changed_fields={"id": (None, None)}) # logger.debug('setting static / dynamic in save') - # need to have an id/pk before we can access endpoints - elif (self.file_path is not None) and (self.endpoints.count() == 0): - self.static_finding = True - self.dynamic_finding = False - elif (self.file_path is not None): - self.static_finding = True + # need to have an id/pk before we can access locations/endpoints + elif self.file_path is not None: + if settings.V3_FEATURE_LOCATIONS: + if not self.locations.exists(): + self.static_finding = True + self.dynamic_finding = False + else: + self.static_finding = True + # TODO: Delete this after the move to Locations + elif not self.endpoints.exists(): + self.static_finding = True + self.dynamic_finding = False + else: + self.static_finding = True # update the SLA expiration date last, after all other finding fields have been updated self.set_sla_expiration_date() logger.debug("Saving finding of id " + str(self.id) + " dedupe_option:" + str(dedupe_option) + " (self.pk is %s)", "None" if self.pk is None else "not None") - super().save(*args, **kwargs) + # We cannot run the full_clean method here without issue, so we specify skip_validation + super().save(*args, **kwargs, skip_validation=True) # Only add to found_by for newly-created findings (avoid doing this on every update) if is_new_finding: @@ -2843,7 +2891,6 @@ def copy(self, test=None): # Save the necessary ManyToMany relationships old_notes = list(self.notes.all()) old_files = list(self.files.all()) - old_status_findings = list(self.status_finding.all()) old_reviewers = list(self.reviewers.all()) old_found_by = list(self.found_by.all()) old_tags = list(self.tags.all()) @@ -2858,9 +2905,16 @@ def copy(self, test=None): # Copy the files for files in old_files: copy.files.add(files.copy()) - # Copy the endpoint_status - for endpoint_status in old_status_findings: - endpoint_status.copy(finding=copy) # adding or setting is not necessary, link is created by Endpoint_Status.copy() + if settings.V3_FEATURE_LOCATIONS: + old_location_refs = self.locations.all() + for location_ref in old_location_refs: + location_ref.copy(copy) + else: + # TODO: Delete this after the move to Locations + # Copy the endpoint_status + old_status_findings = list(self.status_finding.all()) + for endpoint_status in old_status_findings: + endpoint_status.copy(finding=copy) # adding or setting is not necessary, link is created by Endpoint_Status.copy() # Assign any reviewers copy.reviewers.set(old_reviewers) # Assign any found_by @@ -2938,11 +2992,12 @@ def compute_hash_code(self): fields_to_hash = "" for hashcodeField in hash_code_fields: + # Note: preserve this field label ("endpoints") for settings purposes through the Locations migration if hashcodeField == "endpoints": - # For endpoints, need to compute the field - myEndpoints = self.get_endpoints() - fields_to_hash += myEndpoints - deduplicationLogger.debug(hashcodeField + " : " + myEndpoints) + # For locations/endpoints, need to compute the field + locations = self.get_locations() + fields_to_hash += locations + deduplicationLogger.debug(hashcodeField + " : " + locations) elif hashcodeField == "vulnerability_ids": # For vulnerability_ids, need to compute the field my_vulnerability_ids = self.get_vulnerability_ids() @@ -2992,33 +3047,59 @@ def _get_saved_vulnerability_ids(finding) -> str: return _get_saved_vulnerability_ids(self) or _get_unsaved_vulnerability_ids(self) - # Get endpoints to use for hash_code computation - # (This sometimes reports "None") - def get_endpoints(self): - - def _get_unsaved_endpoints(finding) -> str: - if len(finding.unsaved_endpoints) > 0: - deduplicationLogger.debug("get_endpoints before the finding was saved") - # convert list of unsaved endpoints to the list of their canonical representation - endpoint_str_list = [str(endpoint) for endpoint in finding.unsaved_endpoints] - # deduplicate (usually done upon saving finding) and sort endpoints - return "".join(dict.fromkeys(endpoint_str_list)) + # Get locations/endpoints to use for hash_code computation + def get_locations(self): + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + # Get endpoints to use for hash_code computation + # (This sometimes reports "None") + def _get_unsaved_endpoints(finding) -> str: + if len(finding.unsaved_endpoints) > 0: + deduplicationLogger.debug("get_endpoints before the finding was saved") + # convert list of unsaved endpoints to the list of their canonical representation + endpoint_str_list = [str(endpoint) for endpoint in finding.unsaved_endpoints] + # deduplicate (usually done upon saving finding) and sort endpoints + return "".join(dict.fromkeys(endpoint_str_list)) + # we can get here when the parser defines static_finding=True but leaves dynamic_finding defaulted + # In this case, before saving the finding, both static_finding and dynamic_finding are True + # After saving dynamic_finding may be set to False probably during the saving process (observed on Bandit scan before forcing dynamic_finding=False at parser level) + deduplicationLogger.debug("trying to get endpoints on a finding before it was saved but no endpoints found (static parser wrongly identified as dynamic?") + return "" + + def _get_saved_endpoints(finding) -> str: + if finding.id is not None: + deduplicationLogger.debug("get_endpoints: after the finding was saved. Endpoints count: " + str(finding.endpoints.count())) + # convert list of endpoints to the list of their canonical representation + endpoint_str_list = [str(endpoint) for endpoint in finding.endpoints.all()] + # sort endpoints strings + return "".join(sorted(endpoint_str_list)) + return "" + + return _get_saved_endpoints(self) or _get_unsaved_endpoints(self) + + def _get_unsaved_locations(finding) -> str: + if len(finding.unsaved_locations) > 0: + deduplicationLogger.debug("get_locations before the finding was saved") + # convert list of unsaved locations to the list of their canonical representation + # deduplicate (usually done upon saving finding) and sort locations + locations = sorted({location.get_location_value() for location in finding.unsaved_locations}) + return "".join(locations) # we can get here when the parser defines static_finding=True but leaves dynamic_finding defaulted # In this case, before saving the finding, both static_finding and dynamic_finding are True # After saving dynamic_finding may be set to False probably during the saving process (observed on Bandit scan before forcing dynamic_finding=False at parser level) - deduplicationLogger.debug("trying to get endpoints on a finding before it was saved but no endpoints found (static parser wrongly identified as dynamic?") + deduplicationLogger.debug("trying to get locations on a finding before it was saved but no locations found (static parser wrongly identified as dynamic?") return "" - def _get_saved_endpoints(finding) -> str: + def _get_saved_locations(finding) -> str: if finding.id is not None: - deduplicationLogger.debug("get_endpoints: after the finding was saved. Endpoints count: " + str(finding.endpoints.count())) - # convert list of endpoints to the list of their canonical representation - endpoint_str_list = [str(endpoint) for endpoint in finding.endpoints.all()] - # sort endpoints strings - return "".join(sorted(endpoint_str_list)) + deduplicationLogger.debug("get_locations: after the finding was saved. Locations count: " + str(finding.locations.count())) + # convert list of locations to the list of their canonical representation + locations = sorted({location_ref.location.get_location_value() for location_ref in finding.locations.all()}) + # sort locations strings + return "".join(sorted(locations)) return "" - return _get_saved_endpoints(self) or _get_unsaved_endpoints(self) + return _get_saved_locations(self) or _get_unsaved_locations(self) # Compute the hash_code from the fields to hash def hash_fields(self, fields_to_hash): @@ -3501,6 +3582,7 @@ def set_hash_code(self, dedupe_option): class FindingAdmin(admin.ModelAdmin): + # TODO: Delete this after the move to Locations # For efficiency with large databases, display many-to-many fields with raw # IDs rather than multi-select raw_id_fields = ( diff --git a/dojo/product/helpers.py b/dojo/product/helpers.py index aeadec0246d..8247cad4fa8 100644 --- a/dojo/product/helpers.py +++ b/dojo/product/helpers.py @@ -1,8 +1,12 @@ import contextlib import logging +from django.conf import settings +from django.db.models import Q + from dojo.celery import app from dojo.decorators import dojo_async_task +from dojo.location.models import Location from dojo.models import Endpoint, Engagement, Finding, Product, Test logger = logging.getLogger(__name__) @@ -26,9 +30,22 @@ def propagate_tags_on_product_sync(product): # findings logger.debug("Propagating tags from %s to all findings", product) propagate_tags_on_object_list(Finding.objects.filter(test__engagement__product=product)) - # endpoints - logger.debug("Propagating tags from %s to all endpoints", product) - propagate_tags_on_object_list(Endpoint.objects.filter(product=product)) + if settings.V3_FEATURE_LOCATIONS: + # Locations + logger.debug("Propagating tags from %s to all locations", product) + propagate_tags_on_object_list( + Location.objects.filter( + # Locations linked directly to a product via LocationProductReference + Q(products__product=product) + # Locations linked indirectly to a product via LocationFindingReference + | Q(findings__finding__test__engagement__product=product), + ).distinct(), + ) + else: + # TODO: Delete this after the move to Locations + # endpoints + logger.debug("Propagating tags from %s to all endpoints", product) + propagate_tags_on_object_list(Endpoint.objects.filter(product=product)) def propagate_tags_on_object_list(object_list): diff --git a/dojo/product/views.py b/dojo/product/views.py index fccc738851f..18d29d91616 100644 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -8,13 +8,13 @@ from math import ceil from dateutil.relativedelta import relativedelta +from django.conf import settings from django.contrib import messages from django.contrib.admin.utils import NestedObjects from django.contrib.postgres.aggregates import StringAgg from django.core.exceptions import PermissionDenied, ValidationError from django.db import DEFAULT_DB_ALIAS, connection -from django.db.models import Count, DateField, F, OuterRef, Prefetch, Q, Subquery, Sum -from django.db.models.expressions import Value +from django.db.models import Count, DateField, F, OuterRef, Prefetch, Q, Subquery, Sum, Value from django.db.models.functions import Coalesce from django.db.models.query import QuerySet from django.http import Http404, HttpRequest, HttpResponseRedirect, JsonResponse @@ -55,7 +55,7 @@ DeleteEngagementPresetsForm, DeleteProduct_API_Scan_ConfigurationForm, DeleteProductForm, - DojoMetaDataForm, + DojoMetaFormSet, Edit_Product_Group_Form, Edit_Product_MemberForm, EngagementPresetsForm, @@ -150,6 +150,11 @@ def product(request): build_count_subquery(base_findings, group_field="test__engagement__product_id"), Value(0), ), ) + if settings.V3_FEATURE_LOCATIONS: + prods = prods.annotate( + location_host_count=Count("locations__location__url__host", distinct=True), + location_count=Count("locations", distinct=True), + ) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = ProductFilterWithoutObjectLookups if filter_string_matching else ProductFilter @@ -214,16 +219,18 @@ def prefetch_for_product(prods): ), ) - active_endpoint_qs = Endpoint.objects.filter( - status_endpoint__mitigated=False, - status_endpoint__false_positive=False, - status_endpoint__out_of_scope=False, - status_endpoint__risk_accepted=False, - ).distinct() + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + active_endpoint_qs = Endpoint.objects.filter( + status_endpoint__mitigated=False, + status_endpoint__false_positive=False, + status_endpoint__out_of_scope=False, + status_endpoint__risk_accepted=False, + ).distinct() - prefetched_prods = prefetched_prods.prefetch_related( - Prefetch("endpoint_set", queryset=active_endpoint_qs, to_attr="active_endpoints"), - ) + prefetched_prods = prefetched_prods.prefetch_related( + Prefetch("endpoint_set", queryset=active_endpoint_qs, to_attr="active_endpoints"), + ) if get_system_setting("enable_github"): prefetched_prods = prefetched_prods.prefetch_related( @@ -467,6 +474,7 @@ def finding_queries(request, prod): return filters +# TODO: Delete this after the move to Locations def endpoint_queries(request, prod): filters = {} endpoints_query = Endpoint_Status.objects.filter(finding__test__engagement__product=prod, @@ -571,6 +579,7 @@ def view_product_metrics(request, pid): filters = {} if view == "Finding": filters = finding_queries(request, prod) + # TODO: Delete this after the move to Locations elif view == "Endpoint": filters = endpoint_queries(request, prod) @@ -1090,7 +1099,8 @@ def delete_product(request, pid): message = labels.ASSET_DELETE_SUCCESS_ASYNC_MESSAGE else: message = labels.ASSET_DELETE_SUCCESS_MESSAGE - product.delete() + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + product.delete() messages.add_message(request, messages.SUCCESS, message, @@ -1105,9 +1115,10 @@ def delete_product(request, pid): rels = ["Previewing the relationships has been disabled.", ""] display_preview = get_setting("DELETE_PREVIEW") if display_preview: - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([product]) - rels = collector.nested() + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([product]) + rels = collector.nested() product_tab = Product_Tab(product, title=str(labels.ASSET_LABEL), tab="settings") @@ -1273,59 +1284,28 @@ def new_eng_for_app_cicd(request, pid): @user_is_authorized(Product, Permissions.Product_Edit, "pid") -def add_meta_data(request, pid): - prod = Product.objects.get(id=pid) - if request.method == "POST": - form = DojoMetaDataForm(request.POST, instance=DojoMeta(product=prod)) - if form.is_valid(): - form.save() - messages.add_message(request, - messages.SUCCESS, - _("Metadata added successfully."), - extra_tags="alert-success") - if "add_another" in request.POST: - return HttpResponseRedirect(reverse("add_meta_data", args=(pid,))) - return HttpResponseRedirect(reverse("view_product", args=(pid,))) - else: - form = DojoMetaDataForm() - - product_tab = Product_Tab(prod, title=_("Add Metadata"), tab="settings") - - return render(request, "dojo/add_product_meta_data.html", - {"form": form, - "product_tab": product_tab, - "product": prod, - }) - +def manage_meta_data(request, pid): + product = Product.objects.get(id=pid) + meta_data_query = DojoMeta.objects.filter(product=product) + form_mapping = {"product": product} + formset = DojoMetaFormSet(queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) -@user_is_authorized(Product, Permissions.Product_Edit, "pid") -def edit_meta_data(request, pid): - prod = Product.objects.get(id=pid) if request.method == "POST": - for key, orig_value in request.POST.items(): - if key.startswith("cfv_"): - cfv_id = int(key.split("_")[1]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - value = orig_value.strip() - if value: - cfv.value = value - cfv.save() - if key.startswith("delete_"): - cfv_id = int(key.split("_")[2]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - cfv.delete() - - messages.add_message(request, - messages.SUCCESS, - _("Metadata edited successfully."), - extra_tags="alert-success") - return HttpResponseRedirect(reverse("view_product", args=(pid,))) + formset = DojoMetaFormSet(request.POST, queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) + if formset.is_valid(): + formset.save() + messages.add_message( + request, messages.SUCCESS, "Metadata updated successfully.", extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_product", args=(pid,))) - product_tab = Product_Tab(prod, title=_("Edit Metadata"), tab="settings") - return render(request, "dojo/edit_product_meta_data.html", - {"product": prod, - "product_tab": product_tab, - }) + add_breadcrumb(parent=product, title="Manage Metadata", top_level=False, request=request) + product_tab = Product_Tab(product, "Edit Metadata", tab="products") + return render( + request, + "dojo/edit_metadata.html", + {"formset": formset, "product_tab": product_tab}, + ) class AdHocFindingView(View): @@ -1462,7 +1442,7 @@ def process_finding_form(self, request: HttpRequest, test: Test, context: dict): finding.unsaved_vulnerability_ids = context["form"].cleaned_data["vulnerability_ids"].split() finding.save() # Save and add new endpoints - finding_helper.add_endpoints(finding, context["form"]) + finding_helper.add_locations(finding, context["form"]) # Save the finding at the end and return finding.save() diff --git a/dojo/reports/queries.py b/dojo/reports/queries.py new file mode 100644 index 00000000000..174427ca5c6 --- /dev/null +++ b/dojo/reports/queries.py @@ -0,0 +1,61 @@ + +from django.conf import settings +from django.db.models import Prefetch, QuerySet + +from dojo.finding.queries import prefetch_for_findings +from dojo.location.models import LocationFindingReference +from dojo.location.queries import annotate_location_counts_and_status +from dojo.location.status import FindingLocationStatus +from dojo.models import Finding + + +def prefetch_related_findings_for_report(findings: QuerySet) -> QuerySet: + return prefetch_for_findings( + findings.prefetch_related( + # Some of the fields are removed here because they are being + # prefetched in the prefetch_for_findings function + "test__engagement__product__prod_type", + "risk_acceptance_set__accepted_findings", + "burprawrequestresponse_set", + "files", + "reporter", + "mitigated_by", + ), + ) + + +def prefetch_related_endpoints_for_report(endpoints: QuerySet) -> QuerySet: + if settings.V3_FEATURE_LOCATIONS: + return annotate_location_counts_and_status( + endpoints.prefetch_related( + "tags", + Prefetch( + "findings", + queryset=LocationFindingReference.objects.filter(status=FindingLocationStatus.Active) + .prefetch_related("finding") + .order_by("finding__numerical_severity"), + to_attr="_active_annotated_findings", + ), + ), + ) + # TODO: Delete this after the move to Locations + return endpoints.prefetch_related( + "product", + "tags", + Prefetch( + "findings", + queryset=prefetch_for_findings( + Finding.objects.filter( + active=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + ).order_by("numerical_severity"), + ), + to_attr="active_annotated_findings", + ), + ) diff --git a/dojo/reports/urls.py b/dojo/reports/urls.py index a12858c840d..19d4348478f 100644 --- a/dojo/reports/urls.py +++ b/dojo/reports/urls.py @@ -32,16 +32,6 @@ views.test_report, name="test_report", ), - re_path( - r"^endpoint/(?P\d+)/report$", - views.endpoint_report, - name="endpoint_report", - ), - re_path( - r"^endpoint/host/(?P\d+)/report$", - views.endpoint_host_report, - name="endpoint_host_report", - ), re_path( r"^asset/report$", views.product_findings_report, @@ -106,10 +96,6 @@ name="engagement_report"), re_path(r"^test/(?P\d+)/report$", views.test_report, name="test_report"), - re_path(r"^endpoint/(?P\d+)/report$", views.endpoint_report, - name="endpoint_report"), - re_path(r"^endpoint/host/(?P\d+)/report$", views.endpoint_host_report, - name="endpoint_host_report"), re_path(r"^product/report$", views.product_findings_report, name="product_findings_report"), re_path(r"^reports/cover$", diff --git a/dojo/reports/views.py b/dojo/reports/views.py index ab4bee9bbd1..3c820564d42 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -7,7 +7,6 @@ from dateutil.relativedelta import relativedelta from django.conf import settings from django.core.exceptions import PermissionDenied -from django.db.models import Prefetch from django.http import Http404, HttpRequest, HttpResponse, QueryDict from django.shortcuts import get_object_or_404, render from django.utils import timezone @@ -29,7 +28,10 @@ from dojo.finding.views import BaseListFindings from dojo.forms import ReportOptionsForm from dojo.labels import get_labels -from dojo.models import Dojo_User, Endpoint, Engagement, Finding, Notes, Product, Product_Type, Test +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.models import Dojo_User, Endpoint, Engagement, Finding, Product, Product_Type, Test +from dojo.reports.queries import prefetch_related_endpoints_for_report, prefetch_related_findings_for_report from dojo.reports.widgets import ( CoverPage, CustomReportJsonForm, @@ -42,6 +44,7 @@ WYSIWYGContent, report_widget_factory, ) +from dojo.url.filters import URLFilter from dojo.utils import ( Product_Tab, add_breadcrumb, @@ -89,18 +92,23 @@ def get_findings(self, request: HttpRequest): return filter_class(self.request.GET, queryset=findings) def get_endpoints(self, request: HttpRequest): - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__active=True) - - endpoints = endpoints.distinct() - - filter_string_matching = get_system_setting("filter_string_matching", False) - filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + filter_class = URLFilter + else: + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__active=True) + endpoints = endpoints.distinct() + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter return filter_class(request.GET, queryset=endpoints, user=request.user) def get_available_widgets(self, request: HttpRequest) -> list[Widget]: @@ -203,16 +211,23 @@ def report_findings(request): def report_endpoints(request): - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__active=True) - - endpoints = endpoints.distinct() - endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + endpoints = URLFilter(request.GET, queryset=endpoints) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__active=True) + endpoints = endpoints.distinct() + endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user) paged_endpoints = get_page_items(request, endpoints.qs, 25) @@ -265,33 +280,23 @@ def test_report(request, tid): return generate_report(request, test) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") -def endpoint_report(request, eid): - endpoint = get_object_or_404(Endpoint, id=eid) - return generate_report(request, endpoint, host_view=False) - - -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") -def endpoint_host_report(request, eid): - endpoint = get_object_or_404(Endpoint, id=eid) - return generate_report(request, endpoint, host_view=True) - - @user_is_authorized(Product, Permissions.Product_View, "pid") def product_endpoint_report(request, pid): product = get_object_or_404(Product.objects.all().prefetch_related("engagement_set__test_set__test_type", "engagement_set__test_set__environment"), id=pid) - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False) - - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoint_ids = endpoints.filter(finding__active=True).values_list("id", flat=True) - - endpoint_ids = endpoints.values_list("id", flat=True) - - endpoints = prefetch_related_endpoints_for_report(Endpoint.objects.filter(id__in=endpoint_ids)) - endpoints = EndpointReportFilter(request.GET, queryset=endpoints) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active) + endpoints = prefetch_related_endpoints_for_report(endpoints.distinct()) + endpoints = URLFilter(request.GET, queryset=endpoints) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False) + if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): + endpoints = endpoints.filter(finding__active=True) + endpoints = prefetch_related_endpoints_for_report(endpoints.distinct()) + endpoints = EndpointReportFilter(request.GET, queryset=endpoints) paged_endpoints = get_page_items(request, endpoints.qs, 25) report_format = request.GET.get("report_type", "HTML") @@ -352,17 +357,17 @@ def generate_report(request, obj, *, host_view=False): endpoints = None report_title = None - if type(obj).__name__ == "Product_Type": + if isinstance(obj, Product_Type): user_has_permission_or_403(request.user, obj, Permissions.Product_Type_View) - elif type(obj).__name__ == "Product": + elif isinstance(obj, Product): user_has_permission_or_403(request.user, obj, Permissions.Product_View) - elif type(obj).__name__ == "Engagement": + elif isinstance(obj, Engagement): user_has_permission_or_403(request.user, obj, Permissions.Engagement_View) - elif type(obj).__name__ == "Test": + elif isinstance(obj, Test): user_has_permission_or_403(request.user, obj, Permissions.Test_View) - elif type(obj).__name__ == "Endpoint": - user_has_permission_or_403(request.user, obj, Permissions.Endpoint_View) - elif type(obj).__name__ == "QuerySet" or type(obj).__name__ == "CastTaggedQuerySet" or type(obj).__name__ == "TagulousCastTaggedQuerySet": + elif isinstance(obj, (Endpoint, Location)): + user_has_permission_or_403(request.user, obj, Permissions.Location_View) + elif type(obj).__name__ in {"QuerySet", "CastTaggedQuerySet", "TagulousCastTaggedQuerySet"}: # authorization taken care of by only selecting findings from product user is authed to see pass else: @@ -387,7 +392,8 @@ def generate_report(request, obj, *, host_view=False): filter_string_matching = get_system_setting("filter_string_matching", False) report_finding_filter_class = ReportFindingFilterWithoutObjectLookups if filter_string_matching else ReportFindingFilter add_breadcrumb(title="Generate Report", top_level=False, request=request) - if type(obj).__name__ == "Product_Type": + + if isinstance(obj, Product_Type): product_type = obj template = "dojo/product_type_pdf_report.html" report_name = labels.ORG_REPORT_WITH_NAME_TITLE % {"name": str(product_type)} @@ -437,17 +443,21 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Product": + elif isinstance(obj, Product): product = obj template = "dojo/product_pdf_report.html" report_name = labels.ASSET_REPORT_WITH_NAME_TITLE % {"name": str(product)} report_title = labels.ASSET_REPORT_LABEL findings = report_finding_filter_class(request.GET, product=product, queryset=prefetch_related_findings_for_report(Finding.objects.filter( test__engagement__product=product))) - ids = set(finding.id for finding in findings.qs) # noqa: C401 + ids = findings.qs.values_list("id", flat=True) engagements = Engagement.objects.filter(test__finding__id__in=ids).distinct() tests = Test.objects.filter(finding__id__in=ids).distinct() - endpoints = Endpoint.objects.filter(product=product).distinct() + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.prefetch_related("products__product").filter(products__product=product).distinct() + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product=product).distinct() context = {"product": product, "engagements": engagements, "tests": tests, @@ -466,7 +476,7 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Engagement": + elif isinstance(obj, Engagement): logger.debug("generating report for Engagement") engagement = obj findings = report_finding_filter_class(request.GET, engagement=engagement, @@ -475,9 +485,13 @@ def generate_report(request, obj, *, host_view=False): template = "dojo/engagement_pdf_report.html" report_title = "Engagement Report" - ids = set(finding.id for finding in findings.qs) # noqa: C401 + ids = findings.qs.values_list("id", flat=True) tests = Test.objects.filter(finding__id__in=ids).distinct() - endpoints = Endpoint.objects.filter(product=engagement.product).distinct() + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.prefetch_related("products__product").filter(products__product=engagement.product).distinct() + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product=engagement.product).distinct() context = {"engagement": engagement, "tests": tests, @@ -496,7 +510,7 @@ def generate_report(request, obj, *, host_view=False): "user_id": request.user.id, "endpoints": endpoints} - elif type(obj).__name__ == "Test": + elif isinstance(obj, Test): test = obj findings = report_finding_filter_class(request.GET, engagement=test.engagement, queryset=prefetch_related_findings_for_report(Finding.objects.filter(test=test))) @@ -519,7 +533,8 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Endpoint": + # TODO: Delete this after the move to Locations + elif isinstance(obj, Endpoint): endpoint = obj if host_view: report_name = "Endpoint Host Report: " + endpoint.host @@ -532,7 +547,7 @@ def generate_report(request, obj, *, host_view=False): report_title = "Endpoint Report" template = "dojo/endpoint_pdf_report.html" findings = report_finding_filter_class(request.GET, - queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) + queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) context = {"endpoint": endpoint, "endpoints": endpoints, @@ -549,6 +564,41 @@ def generate_report(request, obj, *, host_view=False): "title": report_title, "host": report_url_resolver(request), "user_id": request.user.id} + + elif isinstance(obj, Location): + endpoint = obj + if host_view: + report_name = "Endpoint Host Report: " + endpoint.url.host + endpoints = Location.objects.prefetch_related("url").filter(url__host=endpoint.url.host).distinct() + report_title = "Endpoint Host Report" + else: + report_name = "Endpoint Report: " + str(endpoint) + endpoints = Location.objects.filter(id=endpoint.id).distinct() + report_title = "Endpoint Report" + template = "dojo/endpoint_pdf_report.html" + findings = report_finding_filter_class( + request.GET, + queryset=prefetch_related_findings_for_report(Finding.objects.filter(locations__location__in=endpoints)), + ) + + context = { + "endpoint": endpoint, + "endpoints": endpoints, + "report_name": report_name, + "findings": findings.qs.distinct().order_by("numerical_severity"), + "include_finding_notes": include_finding_notes, + "include_finding_images": include_finding_images, + "include_executive_summary": include_executive_summary, + "include_table_of_contents": include_table_of_contents, + "include_disclaimer": include_disclaimer, + "disclaimer": disclaimer, + "user": user, + "team_name": get_system_setting("team_name"), + "title": report_title, + "host": report_url_resolver(request), + "user_id": request.user.id, + } + elif type(obj).__name__ in {"QuerySet", "CastTaggedQuerySet", "TagulousCastTaggedQuerySet"}: findings = report_finding_filter_class(request.GET, queryset=prefetch_related_findings_for_report(obj).distinct()) report_name = "Finding" @@ -568,6 +618,7 @@ def generate_report(request, obj, *, host_view=False): "title": report_title, "host": report_url_resolver(request), "user_id": request.user.id} + else: raise Http404 @@ -614,10 +665,12 @@ def generate_report(request, obj, *, host_view=False): elif product: product_tab = Product_Tab(product, title=str(labels.ASSET_REPORT_LABEL), tab="findings") elif endpoints: - if host_view: - product_tab = Product_Tab(endpoint.product, title="Endpoint Host Report", tab="endpoints") - else: - product_tab = Product_Tab(endpoint.product, title="Endpoint Report", tab="endpoints") + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + if host_view: + product_tab = Product_Tab(endpoint.product, title="Endpoint Host Report", tab="endpoints") + else: + product_tab = Product_Tab(endpoint.product, title="Endpoint Report", tab="endpoints") return render(request, "dojo/request_report.html", {"product_type": product_type, @@ -634,29 +687,6 @@ def generate_report(request, obj, *, host_view=False): }) -def prefetch_related_findings_for_report(findings): - return findings.prefetch_related("test", - "test__engagement__product", - "test__engagement__product__prod_type", - "risk_acceptance_set", - "risk_acceptance_set__accepted_findings", - "burprawrequestresponse_set", - "endpoints", - "tags", - Prefetch("notes", queryset=Notes.objects.filter(private=False)), - "files", - "reporter", - "mitigated_by", - ) - - -def prefetch_related_endpoints_for_report(endpoints): - return endpoints.prefetch_related( - "product", - "tags", - ) - - def get_list_index(full_list, index): try: element = full_list[index] @@ -760,7 +790,7 @@ def get_template(self): def get(self, request): findings, obj = get_findings(request) self.findings = findings - findings = self.add_findings_data() + findings = prefetch_related_findings_for_report(self.add_findings_data()) return self.generate_quick_report(request, findings, obj) def generate_quick_report(self, request, findings, obj=None): diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py index 47e0c6afe19..e71a7168b70 100644 --- a/dojo/reports/widgets.py +++ b/dojo/reports/widgets.py @@ -19,7 +19,12 @@ ) from dojo.forms import CustomReportOptionsForm from dojo.labels import get_labels +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus from dojo.models import Endpoint, Finding +from dojo.reports.queries import prefetch_related_endpoints_for_report, prefetch_related_findings_for_report +from dojo.settings import settings +from dojo.url.filters import URLFilter from dojo.utils import get_page_items, get_system_setting, get_words_for_field """ @@ -286,7 +291,7 @@ def __init__(self, *args, **kwargs): def get_html(self): html = render_to_string("dojo/custom_html_report_finding_list.html", {"title": self.title, - "findings": self.findings.qs, + "findings": prefetch_related_findings_for_report(self.findings.qs), "include_finding_notes": self.finding_notes, "include_finding_images": self.finding_images, "host": self.host, @@ -351,7 +356,7 @@ def __init__(self, *args, **kwargs): def get_html(self): html = render_to_string("dojo/custom_html_report_endpoint_list.html", {"title": self.title, - "endpoints": self.endpoints.qs, + "endpoints": prefetch_related_endpoints_for_report(self.endpoints.qs), "include_finding_notes": self.finding_notes, "include_finding_images": self.finding_images, "host": self.host, @@ -365,12 +370,23 @@ def get_option_form(self): "request": self.request, "title": self.title, "extra_help": self.extra_help, + "V3_FEATURE_LOCATIONS": settings.V3_FEATURE_LOCATIONS, }) return mark_safe(html) -def report_widget_factory(json_data=None, request=None, user=None, *, finding_notes=False, finding_images=False, - host=None): +def report_widget_factory( + json_data=None, request=None, user=None, *, finding_notes=False, finding_images=False, host=None, +): + def convert_to_querydict(data): + d = QueryDict(mutable=True) + for item in data: + if item["name"] in d: + d.appendlist(item["name"], item["value"]) + else: + d[item["name"]] = item["value"] + return d + selected_widgets = OrderedDict() widgets = json.loads(json_data) @@ -379,41 +395,43 @@ def report_widget_factory(json_data=None, request=None, user=None, *, finding_no selected_widgets[list(widget.keys())[0] + "-" + str(idx)] = PageBreak() if list(widget.keys())[0] == "endpoint-list": - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__verified=True) - - endpoints = endpoints.distinct() - - d = QueryDict(mutable=True) - for item in widget.get(list(widget.keys())[0]): - if item["name"] in d: - d.appendlist(item["name"], item["value"]) - else: - d[item["name"]] = item["value"] - - endpoints = Endpoint.objects.filter(id__in=endpoints) - filter_string_matching = get_system_setting("filter_string_matching", False) - filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter - endpoints = filter_class(d, queryset=endpoints, user=request.user) - user_id = user.id if user is not None else None - endpoints = EndpointList(request=request, endpoints=endpoints, finding_notes=finding_notes, - finding_images=finding_images, host=host, user_id=user_id) + d = convert_to_querydict(widget.get(list(widget.keys())[0])) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + endpoints = URLFilter(d, queryset=endpoints, user=request.user) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__verified=True) + + endpoints = endpoints.distinct() + endpoints = Endpoint.objects.filter(id__in=endpoints) + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter + endpoints = filter_class(d, queryset=endpoints, user=request.user) + user_id = user.id if user is not None else None + endpoints = EndpointList( + request=request, + endpoints=endpoints, + finding_notes=finding_notes, + finding_images=finding_images, + host=host, + user_id=user_id, + ) selected_widgets[list(widget.keys())[0] + "-" + str(idx)] = endpoints if list(widget.keys())[0] == "finding-list": + d = convert_to_querydict(widget.get(list(widget.keys())[0])) findings = Finding.objects.all() - d = QueryDict(mutable=True) - for item in widget.get(list(widget.keys())[0]): - if item["name"] in d: - d.appendlist(item["name"], item["value"]) - else: - d[item["name"]] = item["value"] filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = ReportFindingFilterWithoutObjectLookups if filter_string_matching else ReportFindingFilter findings = filter_class(d, queryset=findings) diff --git a/dojo/search/views.py b/dojo/search/views.py index cf8bcb27061..c7d80d6d7b6 100644 --- a/dojo/search/views.py +++ b/dojo/search/views.py @@ -16,6 +16,7 @@ from dojo.filters import FindingFilter, FindingFilterWithoutObjectLookups from dojo.finding.queries import get_authorized_findings, get_authorized_vulnerability_ids, prefetch_for_findings from dojo.forms import FindingBulkUpdateForm, SimpleSearchForm +from dojo.location.queries import get_authorized_locations, prefetch_for_locations from dojo.models import Engagement, Finding, Finding_Template, Languages, Product, Test from dojo.product.queries import get_authorized_app_analysis, get_authorized_products from dojo.test.queries import get_authorized_tests @@ -125,7 +126,11 @@ def simple_search(request): authorized_tests = get_authorized_tests(Permissions.Test_View) authorized_engagements = get_authorized_engagements(Permissions.Engagement_View) authorized_products = get_authorized_products(Permissions.Product_View) - authorized_endpoints = get_authorized_endpoints(Permissions.Endpoint_View) + if settings.V3_FEATURE_LOCATIONS: + authorized_endpoints = get_authorized_locations(Permissions.Location_View) + else: + # TODO: Delete this after the move to Locations + authorized_endpoints = get_authorized_endpoints(Permissions.Location_View) authorized_finding_templates = Finding_Template.objects.all() authorized_app_analysis = get_authorized_app_analysis(Permissions.Product_View) authorized_vulnerability_ids = get_authorized_vulnerability_ids(Permissions.Finding_View) @@ -289,9 +294,12 @@ def simple_search(request): endpoints = authorized_endpoints endpoints = apply_tag_filters(endpoints, operators) - - endpoints = endpoints.filter(Q(host__icontains=keywords_query) | Q(path__icontains=keywords_query) | Q(protocol__icontains=keywords_query) | Q(query__icontains=keywords_query) | Q(fragment__icontains=keywords_query)) - endpoints = prefetch_for_endpoints(endpoints) + if settings.V3_FEATURE_LOCATIONS: + endpoints = endpoints.filter(Q(url__host__icontains=keywords_query) | Q(url__path__icontains=keywords_query) | Q(url__protocol__icontains=keywords_query) | Q(url__query__icontains=keywords_query) | Q(url__fragment__icontains=keywords_query)) + endpoints = prefetch_for_locations(endpoints) + else: + endpoints = endpoints.filter(Q(host__icontains=keywords_query) | Q(path__icontains=keywords_query) | Q(protocol__icontains=keywords_query) | Q(query__icontains=keywords_query) | Q(fragment__icontains=keywords_query)) + endpoints = prefetch_for_endpoints(endpoints) endpoints = endpoints[:max_results] else: endpoints = None @@ -515,7 +523,10 @@ def apply_tag_filters(qs, operators, *, skip_relations=False): def apply_endpoint_filter(qs, operators): if "endpoint" in operators: - qs = qs.filter(endpoints__host__contains=",".join(operators["endpoint"])) + if settings.V3_FEATURE_LOCATIONS: + qs = qs.filter(locations__location__url__host__contains=",".join(operators["endpoint"])) + else: + qs = qs.filter(endpoints__host__contains=",".join(operators["endpoint"])) return qs diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 13e5b2b706e..5bc48913952 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -358,6 +358,8 @@ # For HTTP requests, how long connection is open before timeout # This settings apply only on requests performed by "requests" lib used in Dojo code (if some included lib is using "requests" as well, this does not apply there) DD_REQUESTS_TIMEOUT=(int, 30), + # Dictates if v3 functionality will be enabled + DD_V3_FEATURE_LOCATIONS=(bool, False), # Dictates if v3 org/asset relabeling (+url routing) will be enabled DD_ENABLE_V3_ORGANIZATION_ASSET_RELABEL=(bool, False), ) @@ -852,6 +854,10 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # Used to configure a custom version in the footer of the base.html template. FOOTER_VERSION = env("DD_FOOTER_VERSION") +# V3 Feature Flags +V3_FEATURE_LOCATIONS = env("DD_V3_FEATURE_LOCATIONS") + + # ------------------------------------------------------------------------------ # ADMIN # ------------------------------------------------------------------------------ @@ -1529,7 +1535,7 @@ def saml2_attrib_map_format(din): } # List of fields that are known to be usable in hash_code computation) -# 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners) +# 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners). If `V3_FEATURE_LOCATIONS` is True, Dojo uses locations (URLs) instead. # 'unique_id_from_tool' is often not needed here as it can be used directly in the dedupe algorithm, but it's also possible to use it for hashing HASHCODE_ALLOWED_FIELDS = ["title", "cwe", "vulnerability_ids", "line", "file_path", "payload", "component_name", "component_version", "description", "endpoints", "unique_id_from_tool", "severity", "vuln_id_from_tool", "mitigation"] diff --git a/dojo/tags_signals.py b/dojo/tags_signals.py index 0cade958265..58682421d0b 100644 --- a/dojo/tags_signals.py +++ b/dojo/tags_signals.py @@ -4,6 +4,7 @@ from django.db.models import signals from django.dispatch import receiver +from dojo.location.models import Location, LocationFindingReference, LocationProductReference from dojo.models import Endpoint, Engagement, Finding, Product, Test from dojo.product import helpers as async_product_funcs from dojo.utils import get_system_setting @@ -27,6 +28,7 @@ def product_tags_post_add_remove(sender, instance, action, **kwargs): @receiver(signals.m2m_changed, sender=Engagement.tags.through) @receiver(signals.m2m_changed, sender=Test.tags.through) @receiver(signals.m2m_changed, sender=Finding.tags.through) +@receiver(signals.m2m_changed, sender=Location.tags.through) def make_inherited_tags_sticky(sender, instance, action, **kwargs): """Make sure inherited tags are added back in if they are removed""" if action in {"post_add", "post_remove"}: @@ -36,23 +38,44 @@ def make_inherited_tags_sticky(sender, instance, action, **kwargs): instance.inherit_tags(tag_list) +def inherit_instance_tags(instance): + """Usually nothing to do when saving a model, except for new models?""" + if inherit_product_tags(instance): + # TODO: Is this change OK to make? + # tag_list = instance._tags_tagulous.get_tag_list() + tag_list = instance.tags.get_tag_list() + if propagate_inheritance(instance, tag_list=tag_list): + instance.inherit_tags(tag_list) + + +def inherit_linked_instance_tags(instance: LocationFindingReference | LocationProductReference): + inherit_instance_tags(instance.location) + + @receiver(signals.post_save, sender=Endpoint) @receiver(signals.post_save, sender=Engagement) @receiver(signals.post_save, sender=Test) @receiver(signals.post_save, sender=Finding) +@receiver(signals.post_save, sender=Location) def inherit_tags_on_instance(sender, instance, created, **kwargs): - """Usually nothing to do when savind a model, except for new models?""" - if inherit_product_tags(instance): - tag_list = instance._tags_tagulous.get_tag_list() - if propagate_inheritance(instance, tag_list=tag_list): - instance.inherit_tags(tag_list) + inherit_instance_tags(instance) + + +@receiver(signals.post_save, sender=LocationFindingReference) +@receiver(signals.post_save, sender=LocationProductReference) +def inherit_tags_on_linked_instance(sender, instance, created, **kwargs): + inherit_linked_instance_tags(instance) def propagate_inheritance(instance, tag_list=None): # Get the expected product tags if tag_list is None: tag_list = [] - product_inherited_tags = [tag.name for tag in get_product(instance).tags.all()] + product_inherited_tags = [ + tag.name + for product in get_products_to_inherit_tags_from(instance) + for tag in product.tags.all() + ] existing_inherited_tags = [tag.name for tag in instance.inherited_tags.all()] # Check if product tags already matches inherited tags product_tags_equals_inherited_tags = product_inherited_tags == existing_inherited_tags @@ -62,23 +85,34 @@ def propagate_inheritance(instance, tag_list=None): def inherit_product_tags(instance) -> bool: - product = get_product(instance) + products = get_products(instance) # Save a read in the db - if product and product.enable_product_tag_inheritance: + if any(product.enable_product_tag_inheritance for product in products if product): return True return get_system_setting("enable_product_tag_inheritance") -def get_product(instance): +def get_products_to_inherit_tags_from(instance) -> list[Product]: + products = get_products(instance) + system_wide_inherit = get_system_setting("enable_product_tag_inheritance") + + return [ + product for product in products if product.enable_product_tag_inheritance or system_wide_inherit + ] + + +def get_products(instance) -> list[Product]: if isinstance(instance, Product): - return instance + return [instance] if isinstance(instance, Endpoint): - return instance.product + return [instance.product] if isinstance(instance, Engagement): - return instance.product + return [instance.product] if isinstance(instance, Test): - return instance.engagement.product + return [instance.engagement.product] if isinstance(instance, Finding): - return instance.test.engagement.product - return None + return [instance.test.engagement.product] + if isinstance(instance, Location): + return list(instance.all_related_products()) + return [] diff --git a/dojo/tasks.py b/dojo/tasks.py index 29dfe11257c..b934abc9f02 100644 --- a/dojo/tasks.py +++ b/dojo/tasks.py @@ -14,6 +14,7 @@ from dojo.celery import app from dojo.decorators import dojo_async_task from dojo.finding.helper import fix_loop_duplicates +from dojo.location.models import Location from dojo.management.commands.jira_status_reconciliation import jira_status_reconciliation from dojo.models import Alerts, Announcement, Endpoint, Engagement, Finding, Product, System_Settings, User from dojo.notifications.helper import create_notification @@ -223,7 +224,11 @@ def evaluate_pro_proposition(*args, **kwargs): ): return # Count the objects the determine if the banner should be updated - object_count = Finding.objects.count() + Endpoint.objects.count() + if settings.V3_FEATURE_LOCATIONS: + object_count = Finding.objects.count() + Location.objects.count() + else: + # TODO: Delete this after the move to Locations + object_count = Finding.objects.count() + Endpoint.objects.count() # Unless the count is greater than 100k, exit early if object_count < 100000: return diff --git a/dojo/templates/base.html b/dojo/templates/base.html index 7f9a44c750d..09393088809 100644 --- a/dojo/templates/base.html +++ b/dojo/templates/base.html @@ -857,7 +857,7 @@

{% trans "Endpoint Report" %} - {% if product_tab.product|has_object_permission:"Endpoint_Add" %} + {% if product_tab.product|has_object_permission:"Location_Add" %}
  • @@ -866,7 +866,7 @@

    • {% endif %} - {% if product_tab.product|has_object_permission:"Endpoint_Edit" and system_settings.enable_endpoint_metadata_import %} + {% if product_tab.product|has_object_permission:"Location_Edit" and system_settings.enable_endpoint_metadata_import %}
  • diff --git a/dojo/templates/dojo/add_endpoint_meta_data.html b/dojo/templates/dojo/add_endpoint_meta_data.html deleted file mode 100644 index ebc6fce3407..00000000000 --- a/dojo/templates/dojo/add_endpoint_meta_data.html +++ /dev/null @@ -1,19 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Add Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata

    -
    -
    {% csrf_token %} - {% include "dojo/form_fields.html" with form=form %} -
    -
    - -
    -
    - -
    -
    -
    -{% endblock %} \ No newline at end of file diff --git a/dojo/templates/dojo/add_product_meta_data.html b/dojo/templates/dojo/add_product_meta_data.html deleted file mode 100644 index 696ade6c260..00000000000 --- a/dojo/templates/dojo/add_product_meta_data.html +++ /dev/null @@ -1,19 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Add {{ product.name }} Custom Fields

    -
    -
    {% csrf_token %} - {% include "dojo/form_fields.html" with form=form %} -
    -
    - -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/custom_html_report_endpoint_list.html b/dojo/templates/dojo/custom_html_report_endpoint_list.html index aca9cd3bef9..0e881bd6fc6 100644 --- a/dojo/templates/dojo/custom_html_report_endpoint_list.html +++ b/dojo/templates/dojo/custom_html_report_endpoint_list.html @@ -1,7 +1,6 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -20,13 +19,13 @@

    Endpoint Findings

    - Endpoint: {{ endpoint }} with {{ endpoint.active_findings|length|apnumber }} + Endpoint: {{ endpoint }} with {{ endpoint.active_annotated_findings|length|apnumber }} active findings

    - {% for finding in endpoint.active_findings %} + {% for finding in endpoint.active_annotated_findings %} {% ifchanged finding.severity %}

    {{ finding.severity|capfirst }}

    {% endifchanged %} diff --git a/dojo/templates/dojo/custom_html_report_finding_list.html b/dojo/templates/dojo/custom_html_report_finding_list.html index 13f33d03dca..44d9063574f 100644 --- a/dojo/templates/dojo/custom_html_report_finding_list.html +++ b/dojo/templates/dojo/custom_html_report_finding_list.html @@ -1,7 +1,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/dashboard-metrics.html b/dojo/templates/dojo/dashboard-metrics.html index cae5661bb5e..aee1a199f8d 100644 --- a/dojo/templates/dojo/dashboard-metrics.html +++ b/dojo/templates/dojo/dashboard-metrics.html @@ -31,23 +31,25 @@

    {% blocktrans with start_date=start_date.date end_date=end_date.date%}{{ name }} for {{ start_date }} - {{ end_date }}{% endblocktrans %}
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}

    diff --git a/dojo/templates/dojo/edit_endpoint_meta_data.html b/dojo/templates/dojo/edit_endpoint_meta_data.html deleted file mode 100644 index 8b45791235e..00000000000 --- a/dojo/templates/dojo/edit_endpoint_meta_data.html +++ /dev/null @@ -1,26 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Edit Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata

    -
    -
    {% csrf_token %} - {% for cf in endpoint.endpoint_meta.all %} -
    - -
    - - Delete - -
    -
    - {% endfor %} -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/edit_metadata.html b/dojo/templates/dojo/edit_metadata.html new file mode 100644 index 00000000000..ec1597768cc --- /dev/null +++ b/dojo/templates/dojo/edit_metadata.html @@ -0,0 +1,23 @@ +{% extends "base.html" %} +{% load static %} +{% block content %} + {{ block.super }} +

    Edit Metadata

    +
    +
    + {% csrf_token %} + {% for form in formset %} +
    + {% include "dojo/form_fields.html" with form=form %} +
    + {% endfor %} +
    +
    +
    + {{ formset.management_form }} + +
    +
    +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/edit_product_meta_data.html b/dojo/templates/dojo/edit_product_meta_data.html deleted file mode 100644 index ffb5de7c99c..00000000000 --- a/dojo/templates/dojo/edit_product_meta_data.html +++ /dev/null @@ -1,26 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Edit Product ({{ product.name }}) Metadata

    -
    -
    {% csrf_token %} - {% for cf in product.product_meta.all %} -
    - -
    - - Delete - -
    -
    - {% endfor %} -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/endpoint_pdf_report.html b/dojo/templates/dojo/endpoint_pdf_report.html index 3520a9f42b1..ef187bb1b76 100644 --- a/dojo/templates/dojo/endpoint_pdf_report.html +++ b/dojo/templates/dojo/endpoint_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -31,7 +31,7 @@

    Executive Summary

    Vulnerable Services

    - {% if endpoints %} + {% if endpoints %} {% colgroup endpoints into 2 cols as grouped_items %} {% for row in grouped_items %} diff --git a/dojo/templates/dojo/endpoints.html b/dojo/templates/dojo/endpoints.html index 9d7aec59d41..82af13baa3a 100644 --- a/dojo/templates/dojo/endpoints.html +++ b/dojo/templates/dojo/endpoints.html @@ -12,7 +12,7 @@

    {{ name }}
    - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Add" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Add" %} {% endif %} - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Delete" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Delete" %}

    - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Edit" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Edit" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} {% endif %} - + {% comment %} The display field is translated in the function. No need to translate here as well{% endcomment %} @@ -102,13 +102,13 @@

  • Add New Finding
    • {% endif %} -
  • View Endpoints
    • +
  • View Locations
  • View Hosts
    • -
  • View Vulnerable Endpoints
    • +
  • View Vulnerable Locations
  • View Vulnerable Hosts
    • -
  • Endpoint Report
    • - {% if prod|has_object_permission:"Endpoint_Add" %} -
  • Add New Endpoint
    • +
  • Location Report
    • + {% if prod|has_object_permission:"Location_Add" %} +
  • Add New Location
    • {% endif %} {% if prod|has_object_permission:"Product_Edit" %} @@ -250,8 +250,14 @@

    {% endif %}

    - - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + + + + {% endif %} {% for e in endpoints %} - - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + + + + {% endif %} {% endfor %} diff --git a/dojo/templates/dojo/request_endpoint_report.html b/dojo/templates/dojo/request_endpoint_report.html index e4742419370..9e77089d1b9 100644 --- a/dojo/templates/dojo/request_endpoint_report.html +++ b/dojo/templates/dojo/request_endpoint_report.html @@ -39,29 +39,47 @@

    {% if filtered %} +
    + {% include "dojo/paging_snippet.html" with page=endpoints %} +

    @@ -93,7 +93,7 @@

    {% for e in endpoints %}

    data-original-title="Files" title=""> {% endif %} - {% if finding.endpoints.all %} - - {% endif %} - {% endfor %} - " data-placement="right" data-container="body" data-original-title="Endpoints ({{ finding.active_endpoint_count }} Active, {{ finding.mitigated_endpoint_count }} Mitigated)" title=""> + {% else %} + ✕ {{ ref.location }} +
    + {% endif %} + {% endfor %} + " data-placement="right" data-container="body" data-original-title="Endpoints ({{ finding.active_endpoint_count }} Active, {{ finding.mitigated_endpoint_count }} Mitigated)" title=""> + {% endif %} + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + {% if finding.endpoints.exists %} + + {% endif %} {% endif %} {% if finding.component_name %} {% if not critical_prods %}
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}
    {% endif %} diff --git a/dojo/templates/dojo/migrate_endpoints.html b/dojo/templates/dojo/migrate_endpoints.html index c3455e24393..a070581f7e5 100644 --- a/dojo/templates/dojo/migrate_endpoints.html +++ b/dojo/templates/dojo/migrate_endpoints.html @@ -8,14 +8,18 @@
    -

    - {{ name }} -

    -
    -
    - {% include "dojo/filter_snippet.html" with form=filtered.form %} +

    {{ name }}

    +
    + This migration will convert existing Endpoints to the new Location model. Please ensure you have a full backup of your database before proceeding. This operation may take some time depending on the number of endpoints in your system. + Please consult the documentation for more information. +
    +
    +
    + If you would prefer to run this migration from the command line, you can do so by executing: + 
    python manage.py migrate_endpoints_to_locations
    +
    {% csrf_token %} @@ -24,23 +28,6 @@

    - {% if html_log|length > 0 %} -
      - {% for log in html_log %} -
    • - {% if 'message' in log.keys %} - Endpoint {{ log.message }}. It is not possible to migrate it. - Delete or edit this endpoint. - {% else %} - {{ log }} - {% endif %} -
      • - {% endfor %} -
    - {% else %} - No changes or broken endpoints detected. - {% endif %} - -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/dojo/templates/dojo/product.html b/dojo/templates/dojo/product.html index 2b2a3c6a8ff..cb06252f614 100644 --- a/dojo/templates/dojo/product.html +++ b/dojo/templates/dojo/product.html @@ -63,7 +63,7 @@

    		GitHub{% dojo_sort request 'Active (Verified) Findings' 'findings_count' %} Vulnerable Hosts / Endpoints Vulnerable Hosts / Locations Contact{% dojo_sort request labels.ORG_LABEL 'prod_type__name' %} - {{ prod.endpoint_host_count }} / - {{ prod.endpoint_count }} + {% if V3_FEATURE_LOCATIONS %} + {{ prod.location_host_count }} / + {{ prod.location_count }} + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + {{ prod.endpoint_host_count }} / + {{ prod.endpoint_count }} + {% endif %} {% if prod.product_manager %} @@ -376,7 +382,7 @@

    }}, {% endif %} { "data": "findings" }, - { "data": "endpoints" }, + { "data": "locations" }, { "data": "contacts" }, { "data": "product_type" }, ], diff --git a/dojo/templates/dojo/product_endpoint_pdf_report.html b/dojo/templates/dojo/product_endpoint_pdf_report.html index dff16d0e07d..f7de27fe7a3 100644 --- a/dojo/templates/dojo/product_endpoint_pdf_report.html +++ b/dojo/templates/dojo/product_endpoint_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -132,7 +132,7 @@

    Endpoint Findings

    {% endif %} {% for endpoint in endpoints %} -
    +

    Endpoint: {{ endpoint }} @@ -140,7 +140,8 @@

    - {% for finding in endpoint.active_findings %} + {% for finding in endpoint.active_annotated_findings %} +
    diff --git a/dojo/templates/dojo/product_metrics.html b/dojo/templates/dojo/product_metrics.html index 2f94c9df7fb..a479c5ea8ba 100644 --- a/dojo/templates/dojo/product_metrics.html +++ b/dojo/templates/dojo/product_metrics.html @@ -14,23 +14,25 @@

    Metrics Overview
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}

    diff --git a/dojo/templates/dojo/product_pdf_report.html b/dojo/templates/dojo/product_pdf_report.html index 022af4870d8..9768c006888 100644 --- a/dojo/templates/dojo/product_pdf_report.html +++ b/dojo/templates/dojo/product_pdf_report.html @@ -3,7 +3,7 @@ {% load display_tags %} {% load humanize %} {% load event_tags %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% block content %} diff --git a/dojo/templates/dojo/product_type_pdf_report.html b/dojo/templates/dojo/product_type_pdf_report.html index 311061e466e..483d024edc7 100644 --- a/dojo/templates/dojo/product_type_pdf_report.html +++ b/dojo/templates/dojo/product_type_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/report_endpoints.html b/dojo/templates/dojo/report_endpoints.html index 07fac4e156e..5bdaa3904e9 100644 --- a/dojo/templates/dojo/report_endpoints.html +++ b/dojo/templates/dojo/report_endpoints.html @@ -30,18 +30,26 @@
    Filters
    class="tablesorter-bootstrap table table-bordered table-condensed table-striped table-hover">
    EndpointProductOpen FindingsEndpointOpen FindingsEndpointProductOpen Findings
    {{ e|truncatechars_html:70 }}{{ e.product }} - {{ e.finding_count_endpoint }} - {{ e|truncatechars_html:70 }}{{ e.findings.count }}{{ e|truncatechars_html:70 }}{{ e.product }}{{ e.findings.count }}
    - - + {% if V3_FEATURE_LOCATIONS %} + + + + {% else %} + + + {% endif %} {% for e in endpoints %} - - + {% if V3_FEATURE_LOCATIONS %} + + + + {% else %} + + + {% endif %} {% endfor %}
    EndpointOpen FindingsEndpointOpen FindingsOpen ProductsEndpointOpen Findings
    - {{ e|truncatechars_html:70 }} - {% include "dojo/snippets/tags.html" with tags=e.tags.all %} - - {{ e.findings_count }} - + {{ e|truncatechars_html:70 }} + {% include "dojo/snippets/tags.html" with tags=e.tags.all %} + {{ e.active_findings }}{{ e.active_products }} + {{ e|truncatechars_html:70 }} + {% include "dojo/snippets/tags.html" with tags=e.tags.all %} + + {{ e.findings_count }} +
    - {% include "dojo/paging_snippet.html" with page=paged_endpoints %} + {% include "dojo/paging_snippet.html" with page=endpoints %}
    {% else %}

    No endpoints found.

    diff --git a/dojo/templates/dojo/snippets/endpoints.html b/dojo/templates/dojo/snippets/endpoints.html index 014cc2c21f9..893379d853e 100644 --- a/dojo/templates/dojo/snippets/endpoints.html +++ b/dojo/templates/dojo/snippets/endpoints.html @@ -1,17 +1,17 @@ {% load display_tags %} {% load authorization_tags %} {% load static %} -{% load get_endpoint_status %} + {% if destination == "Report" %} - {% if finding|has_endpoints %} - {% with endpoints=finding|get_vulnerable_endpoints %} + {% if finding.has_endpoints%} + {% with endpoints=finding.active_endpoints %} {% if endpoints %}
    -
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    +
    Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})
    @@ -23,10 +23,18 @@
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    {% for endpoint in endpoints %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -37,28 +45,42 @@
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    {% endif %} {% endwith %} - {% with endpoints=finding|get_mitigated_endpoints %} + {% with endpoints=finding.mitigated_endpoints %} {% if endpoints %}
    -
    Mitigated Endpoints / Systems ({{ endpoints|length }})
    +
    Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }})
    {{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_date:finding|date }}{{ endpoint|endpoint_update_time:finding|date}}{{ endpoint.location }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.created|date }}{{ endpoint.audit_time|date}}{{ endpoint }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.date|date }}{{ endpoint.last_modified|date}}
    - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + {% endif %} {% for endpoint in endpoints %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -119,13 +141,13 @@
    Location
    {% endif %} {% else %} - {% with endpoints=finding|get_vulnerable_endpoints %} + {% with endpoints=finding.active_endpoints %} {% if endpoints %}
    -

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) +

    Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})

    @@ -152,18 +174,29 @@

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) {% if finding|has_object_permission:"Finding_Edit" %}

    {% endif %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -174,13 +207,13 @@

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) {% endif %} {% endwith %} - {% with endpoints=finding|get_mitigated_endpoints %} + {% with endpoints=finding.mitigated_endpoints %} {% if endpoints %}
    -

    Mitigated Endpoints / Systems ({{ endpoints|length }}) +

    Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }})

    @@ -197,8 +230,14 @@

    Mitigated Endpoints / Systems ({{ endpoints|length }}) {% endif %}

    - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + {% endif %} {% for endpoint in endpoints %} @@ -206,18 +245,29 @@

    Mitigated Endpoints / Systems ({{ endpoints|length }}) {% if finding|has_object_permission:"Finding_Edit" %}

    {% endif %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} diff --git a/dojo/templates/dojo/test_pdf_report.html b/dojo/templates/dojo/test_pdf_report.html index 000b2acfa39..17af82137bc 100644 --- a/dojo/templates/dojo/test_pdf_report.html +++ b/dojo/templates/dojo/test_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/url/create.html b/dojo/templates/dojo/url/create.html new file mode 100644 index 00000000000..f67d0e58168 --- /dev/null +++ b/dojo/templates/dojo/url/create.html @@ -0,0 +1,24 @@ +{% extends "base.html" %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .chosen-container { + width: 70% !important; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +

    Create Endpoint

    + + {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
    +
    + +
    +
    + +{% endblock content %} diff --git a/dojo/templates/dojo/url/delete.html b/dojo/templates/dojo/url/delete.html new file mode 100644 index 00000000000..473feb247b3 --- /dev/null +++ b/dojo/templates/dojo/url/delete.html @@ -0,0 +1,38 @@ +{% extends "base.html" %} +{% block content %} + {{ block.super }} +

    + Delete Endpoint {{ location }} + {% if location.url.host_validation_failure %} + 🚩 + {% endif %} +

    +

    + Deleting this Endpoint will disassociate it with any findings and products and other relationships associated + with it. These relationships are listed below: +

    +
    +
    +

    Danger Zone

    +
    + {% if rels|length > 1 %} +
      + {{ rels|unordered_list }} +
    + {% else %} +

    No relationships found.

    + {% endif %} +
    + {% csrf_token %} + {{ form }} +
    + +
    + +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/url/list.html b/dojo/templates/dojo/url/list.html new file mode 100644 index 00000000000..d4511523fb5 --- /dev/null +++ b/dojo/templates/dojo/url/list.html @@ -0,0 +1,276 @@ +{% extends "base.html" %} +{% load navigation_tags %} +{% load display_tags %} +{% load authorization_tags %} +{% block content %} + {{ block.super }} +
    +
    +
    +
    +

    + {{ name }} +
    + + {% if product_tab and product_tab.product|has_object_permission:"Location_Add" %} + + + {% endif %} +
    +

    +
    +
    + {% include "dojo/filter_snippet.html" with form=filtered.form %} +
    +
    + {% if locations %} + +
    {% include "dojo/paging_snippet.html" with page=locations page_size=True %}
    +
    +
    Endpoint StatusMitigation TimeMitigatorAuditorAudit TimeMitigatorMitigation Time
    {{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_mitigated_time:finding|date }}{{ endpoint|endpoint_mitigator:finding|safe }}{{ endpoint.location }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.auditor|safe }}{{ endpoint.audit_time|date }}{{ endpoint }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.mitigated_by|safe }}{{ endpoint.mitigated_time|date }}
    -
    		- {{ endpoint|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} - {% include "dojo/snippets/tags.html" with tags=endpoint.tags.all %} - {{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_date:finding|date }}{{ endpoint|endpoint_update_time:finding|date}} + {{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %} + {{ endpoint.status }}{{ endpoint.created|date }}{{ endpoint.audit_time|date}} + {{ endpoint.endpoint|url_shortener }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.endpoint.tags.all %} + {{ endpoint.status }}{{ endpoint.date|date }}{{ endpoint.last_modified|date}}
    Endpoint StatusMitigation TimeMitigatorAuditorAudit TimeMitigatorMitigation Time
    -
    		- {{ endpoint|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} - {% include "dojo/snippets/tags.html" with tags=endpoint.tags.all %} - {{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_mitigated_time:finding|date }}{{ endpoint|endpoint_mitigator:finding|safe }} + {{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %} + {{ endpoint.status }}{{ endpoint.auditor|safe }}{{ endpoint.audit_time|date }} + {{ endpoint.endpoint|url_shortener }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.endpoint.tags.all %} + {{ endpoint.status }}{{ endpoint.mitigated_by|safe }}{{ endpoint.mitigated_time|date }}
    + + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} + + {% endif %} + {% if host_view %} + + {% else %} + + {% endif %} + {% if not product_tab %}{% endif %} + + + + {% for location in locations %} + + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} + + {% endif %} + {% if host_view %} + + {% else %} + + {% endif %} + {% if not product_tab %} + + {% endif %} + + + + {% endfor %} +
    +
    + +
    +     		HostEndpointActive (Total) ProductsActive (Total) FindingsOverall Status
    +
    + +
    +     		+ {{ location.host|url_shortener }} + + {{ location|url_shortener }} + {% if location.host_validation_failure %} + 🚩 + {% endif %} + + {% include "dojo/snippets/tags.html" with tags=location.tags.all %} + + {% if host_view %} + {{ location.active_products }} + ({{ location.total_products }}) + {% else %} + {{ location.active_products }} + ({{ location.total_products }}) + {% endif %} + + {% if host_view %} + {{ location.active_findings }} + ({{ location.total_findings }}) + {% else %} + {{ location.active_findings }} + ({{ location.total_findings }}) + {% endif %} + {{ location.overall_status }}
    +
    +
    {% include "dojo/paging_snippet.html" with page=locations page_size=True %}
    + {% else %} + {% if host_view %} +
    +

    No hosts found.

    +
    + {% else %} +
    +

    No endpoints found.

    +
    + {% endif %} + {% endif %} +
    +
    +{% endblock content %} +{% block postscript %} + {{ block.super }} + + {% include "dojo/filter_js_snippet.html" %} +{% endblock postscript %} diff --git a/dojo/templates/dojo/url/update.html b/dojo/templates/dojo/url/update.html new file mode 100644 index 00000000000..3967bf18690 --- /dev/null +++ b/dojo/templates/dojo/url/update.html @@ -0,0 +1,24 @@ +{% extends "base.html" %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .chosen-container { + width: 70% !important; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +

    Edit Endpoint

    +
    + {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
    +
    + +
    +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/url/view.html b/dojo/templates/dojo/url/view.html new file mode 100644 index 00000000000..69cfe001a04 --- /dev/null +++ b/dojo/templates/dojo/url/view.html @@ -0,0 +1,410 @@ +{% extends "base.html" %} +{% load navigation_tags %} +{% load humanize %} +{% load display_tags %} +{% load authorization_tags %} +{% load multiply %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .graph {min-height: 158px;} + h3 { margin-top: 5px; margin-bottom: 5px; font-size: 20px; line-height: 22px;} + .tooltip-inner { + max-width: 650px; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +
    +
    +
    +

    + {% if host_view %} + Host: {{ host|url_shortener }} + {% else %} + + Endpoint: {{ location|url_shortener }} + {% if location.host_validation_failure %} + 🚩 + {% endif %} + + {% endif %} +

    +
    +
    + + + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    +   + + Finding Age ({{ all_findings_count|apnumber }} + finding{{ all_findings_count|pluralize }}) + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    + {{ all_findings_count }} + + {% if not host_view %} + + {% else %} + + {% endif %} + endpoint finding{{ all_findings_count|pluralize }} + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    + Opened findings count by month +
    +
    +
    +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + {% if host_view %} +
    +

    Endpoints ({{ mitigated_location_count }} / {{ location_count }} Mitigated Endpoints)

    +
    + {% if locations %} + {% colgroup locations into 3 cols as grouped_items %} + + {% for row in grouped_items %} + + {% for item in row %} + + {% endfor %} + + {% endfor %} +
    + {% if item %} + + {% if item.overall_status == "Active" %} + + {% else %} + + {% endif %} +  {{ item|url_shortener }} + {% if location.url.host_validation_failure %} + 🚩 + {% endif %} + + {% endif %} +
    + {% else %} +
    No endpoints.
    + {% endif %} + {% else %} +
    +

    Host

    +
    +
    + {{ host|url_shortener }} +
    + {% endif %} +
    + {% if not host_view and location.tags.exists %} +
    +
    +

    Tags

    +
    +
    {% include "dojo/snippets/tags.html" with tags=location.tags.all %}
    +
    + {% endif %} + {% if not host_view and metadata %} +
    +
    +
    +
    +

    + Additional Information +
    + + + + + + +
    +

    +
    +
    + {% for key, value in metadata.items %} +
    + {{ key }} +
    + {{ value }} +
    +   +
    + {% endfor %} +
    +
    +
    +
    + {% endif %} +
    +
    +

    Open Findings ({{ active_findings_count }} / {{ all_findings_count }} Active Findings)

    +
    + {% if findings %} +
    + {% include "dojo/paging_snippet.html" with page=findings page_size=True %} +
    +
    + + + + + + + + + + + + + {% for finding in findings %} + + + + + + + + + {% endfor %} + +
    TitleSeverityEPSS Score / PercentileDateAgeFound by
    + {{ finding.title }} + + {{ finding.severity }} + + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.date }}{{ finding.age }} + {% for scanner in finding.found_by.all %}{{ scanner }}{% endfor %} +
    +
    +
    + {% include "dojo/paging_snippet.html" with page=findings page_size=True %} +
    + {% else %} +

    No findings found.

    + {% endif %} +
    + +{% endblock content %} +{% block postscript %} + {{ block.super }} + + + + + + + {% block metrics %} + + {% endblock metrics %} + +{% endblock postscript %} diff --git a/dojo/templates/dojo/view_endpoint.html b/dojo/templates/dojo/view_endpoint.html index 8fcdf39c60c..745de9a5a3d 100644 --- a/dojo/templates/dojo/view_endpoint.html +++ b/dojo/templates/dojo/view_endpoint.html @@ -51,7 +51,7 @@