npm - @offgridsec/kira-lite-mcp - Versions diffs - 0.1.3 → 0.1.4 - Mend

@offgridsec/kira-lite-mcp 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/README.md +486 -34
package/dist/config.d.ts +1 -0
package/dist/config.js +1 -1
package/dist/core/engines/kira-core.js +1 -1
package/dist/core/engines/osv.js +1 -485
package/dist/core/engines/runner.js +1 -30
package/dist/core/scanner.js +1 -101
package/dist/core/types.js +1 -1
package/dist/core/utils.js +1 -70
package/dist/index.js +1 -477
package/dist/rules/c-cpp.js +1 -202
package/dist/rules/cicd.js +1 -144
package/dist/rules/csharp.js +1 -207
package/dist/rules/docker.js +1 -143
package/dist/rules/go.js +1 -184
package/dist/rules/index.js +1 -147
package/dist/rules/java.js +1 -1
package/dist/rules/javascript-extended.js +1 -1
package/dist/rules/javascript.js +1 -1
package/dist/rules/kubernetes.js +1 -1
package/dist/rules/php.js +1 -1
package/dist/rules/python-extended.js +1 -1
package/dist/rules/python.js +1 -1
package/dist/rules/ruby.js +1 -1
package/dist/rules/secrets-extended.js +1 -1
package/dist/rules/secrets.js +1 -1
package/dist/rules/shell.js +1 -1
package/dist/rules/terraform.js +1 -1
package/dist/telemetry.js +1 -1
package/dist/tools/fix-vulnerability.js +1 -1
package/dist/tools/scan-code.js +1 -1
package/dist/tools/scan-dependencies.js +1 -1
package/dist/tools/scan-diff.js +1 -1
package/dist/tools/scan-file.js +1 -1
package/package.json +1 -1

package/dist/rules/csharp.js CHANGED Viewed

@@ -1,207 +1 @@
-export const csharpRules = [
-    // === SQL Injection ===
-    {
-        id: "CS-SQLI-001",
-        cwe: "CWE-89",
-        severity: "critical",
-        title: "SQL Injection — String concatenation in SqlCommand",
-        description: "Concatenating user input into SqlCommand text enables SQL injection.",
-        languages: ["csharp"],
-        pattern: /(?:SqlCommand|OleDbCommand|OdbcCommand|NpgsqlCommand)\s*\(\s*(?:["'][^"']*["']\s*\+|\$["']|string\.Format)/g,
-        fix: "Use parameterized queries: cmd.Parameters.AddWithValue(\"@id\", userId);",
-    },
-    {
-        id: "CS-SQLI-002",
-        cwe: "CWE-89",
-        severity: "critical",
-        title: "SQL Injection — String interpolation in EF Core raw SQL",
-        description: "String interpolation in EF Core FromSqlRaw() or ExecuteSqlRaw() enables SQL injection.",
-        languages: ["csharp"],
-        pattern: /(?:FromSqlRaw|ExecuteSqlRaw|ExecuteSqlCommand)\s*\(\s*\$["']/g,
-        fix: "Use FromSqlInterpolated() or FromSql() which automatically parameterize. Or use FromSqlRaw with separate parameters.",
-    },
-    // === XSS ===
-    {
-        id: "CS-XSS-001",
-        cwe: "CWE-79",
-        severity: "high",
-        title: "Cross-Site Scripting — Html.Raw with user input",
-        description: "Html.Raw() outputs unescaped HTML. User input passed to Html.Raw enables XSS.",
-        languages: ["csharp"],
-        pattern: /Html\.Raw\s*\(\s*(?:Model|ViewBag|ViewData|TempData|Request)/g,
-        fix: "Use Razor's automatic encoding (@Model.Property) instead of Html.Raw(). Sanitize HTML if raw output is needed.",
-    },
-    // === Command Injection ===
-    {
-        id: "CS-CMDI-001",
-        cwe: "CWE-78",
-        severity: "critical",
-        title: "Command Injection — Process.Start with user input",
-        description: "Starting processes with user-controlled arguments or filenames enables command injection.",
-        languages: ["csharp"],
-        pattern: /Process\.Start\s*\(\s*(?:new\s+ProcessStartInfo\s*\(\s*)?(?:\$["']|.*\+\s*(?:Request|input|user|param))/g,
-        fix: "Validate and whitelist allowed commands. Use ProcessStartInfo with UseShellExecute = false and separate Arguments.",
-    },
-    // === Path Traversal ===
-    {
-        id: "CS-PATH-001",
-        cwe: "CWE-22",
-        severity: "high",
-        title: "Path Traversal — User input in file path",
-        description: "User input in file paths without sanitization allows reading/writing arbitrary files.",
-        languages: ["csharp"],
-        pattern: /(?:File\.(?:ReadAllText|ReadAllBytes|WriteAllText|WriteAllBytes|Open|Delete|Exists|Copy|Move)|StreamReader|StreamWriter|FileStream)\s*\(\s*(?:Request|input|param|user|\$["'])/g,
-        fix: "Use Path.GetFullPath() and verify the path starts with the expected base directory.",
-    },
-    // === XXE ===
-    {
-        id: "CS-XXE-001",
-        cwe: "CWE-611",
-        severity: "critical",
-        title: "XML External Entity (XXE) — Unsafe XmlReader/XmlDocument",
-        description: "XmlDocument and XmlTextReader with DTD processing enabled are vulnerable to XXE attacks.",
-        languages: ["csharp"],
-        pattern: /(?:XmlDocument|XmlTextReader)\s*(?:\(\)|\.)/g,
-        fix: "Use XmlReader.Create() with XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit }.",
-    },
-    // === Deserialization ===
-    {
-        id: "CS-DESER-001",
-        cwe: "CWE-502",
-        severity: "critical",
-        title: "Insecure Deserialization — BinaryFormatter",
-        description: "BinaryFormatter is dangerous and officially deprecated by Microsoft. It can execute arbitrary code.",
-        languages: ["csharp"],
-        pattern: /BinaryFormatter\s*\(\s*\)|\.Deserialize\s*\(/g,
-        fix: "Use System.Text.Json or Newtonsoft.Json. BinaryFormatter is deprecated and should never be used.",
-    },
-    {
-        id: "CS-DESER-002",
-        cwe: "CWE-502",
-        severity: "critical",
-        title: "Insecure Deserialization — JavaScriptSerializer/LosFormatter",
-        description: "JavaScriptSerializer with Type Resolvers and LosFormatter are vulnerable to RCE via deserialization.",
-        languages: ["csharp"],
-        pattern: /(?:JavaScriptSerializer|LosFormatter|ObjectStateFormatter|SoapFormatter|NetDataContractSerializer)\s*\(/g,
-        fix: "Use System.Text.Json with strict type handling. Avoid legacy serializers.",
-    },
-    // === Weak Crypto ===
-    {
-        id: "CS-CRYPTO-001",
-        cwe: "CWE-327",
-        severity: "high",
-        title: "Weak Cryptography — MD5 or SHA1",
-        description: "MD5 and SHA1 are cryptographically broken.",
-        languages: ["csharp"],
-        pattern: /(?:MD5|SHA1)\.Create\s*\(\s*\)/g,
-        fix: "Use SHA256.Create() or SHA512.Create(). For passwords, use Rfc2898DeriveBytes (PBKDF2) or BCrypt.",
-    },
-    {
-        id: "CS-CRYPTO-002",
-        cwe: "CWE-327",
-        severity: "critical",
-        title: "Weak Cryptography — DES or TripleDES",
-        description: "DES and TripleDES are deprecated. DES has only 56-bit keys.",
-        languages: ["csharp"],
-        pattern: /(?:DES|TripleDES|DESCryptoServiceProvider|TripleDESCryptoServiceProvider)\.Create\s*\(\s*\)/g,
-        fix: "Use Aes.Create() with GCM mode.",
-    },
-    {
-        id: "CS-CRYPTO-003",
-        cwe: "CWE-327",
-        severity: "high",
-        title: "Weak Cryptography — ECB Mode",
-        description: "ECB mode encrypts identical blocks identically, revealing patterns.",
-        languages: ["csharp"],
-        pattern: /CipherMode\.ECB/g,
-        fix: "Use CipherMode.CBC or GCM mode for AES encryption.",
-    },
-    // === Insecure Random ===
-    {
-        id: "CS-RAND-001",
-        cwe: "CWE-338",
-        severity: "high",
-        title: "Insecure Random — System.Random for security",
-        description: "System.Random is predictable and must not be used for tokens, keys, or security decisions.",
-        languages: ["csharp"],
-        pattern: /new\s+Random\s*\(\s*\)/g,
-        fix: "Use System.Security.Cryptography.RandomNumberGenerator.GetBytes() for security-sensitive random.",
-    },
-    // === TLS ===
-    {
-        id: "CS-TLS-001",
-        cwe: "CWE-295",
-        severity: "critical",
-        title: "Disabled TLS Certificate Verification",
-        description: "ServerCertificateValidationCallback returning true disables all certificate verification.",
-        languages: ["csharp"],
-        pattern: /ServerCertificateValidationCallback\s*=\s*(?:\(\s*[^)]*\)\s*=>\s*true|delegate\s*\{[^}]*return\s+true)/g,
-        fix: "Remove custom callback or implement proper certificate validation.",
-    },
-    // === LDAP Injection ===
-    {
-        id: "CS-LDAP-001",
-        cwe: "CWE-90",
-        severity: "critical",
-        title: "LDAP Injection — Unsanitized input in LDAP query",
-        description: "User input in LDAP filters without sanitization enables LDAP injection.",
-        languages: ["csharp"],
-        pattern: /(?:DirectorySearcher|SearchRequest)[\s\S]*?Filter\s*=\s*(?:\$["']|.*\+\s*(?:Request|input|user|param))/g,
-        fix: "Escape special LDAP characters or use parameterized LDAP queries.",
-    },
-    // === CORS ===
-    {
-        id: "CS-CORS-001",
-        cwe: "CWE-942",
-        severity: "high",
-        title: "CORS Misconfiguration — AllowAnyOrigin with Credentials",
-        description: "Allowing any origin with credentials exposes the API to cross-origin attacks.",
-        languages: ["csharp"],
-        pattern: /AllowAnyOrigin\s*\(\s*\)[\s\S]*?AllowCredentials\s*\(\s*\)/g,
-        fix: "Specify allowed origins: WithOrigins(\"https://trusted.com\") instead of AllowAnyOrigin().",
-    },
-    // === Mass Assignment ===
-    {
-        id: "CS-MASS-001",
-        cwe: "CWE-915",
-        severity: "high",
-        title: "Mass Assignment — Binding directly to entity model",
-        description: "Binding request data directly to database entities allows overwriting sensitive fields (role, isAdmin).",
-        languages: ["csharp"],
-        pattern: /\[HttpPost\][\s\S]*?public\s+(?:async\s+)?(?:Task<)?(?:IActionResult|ActionResult)[\s\S]*?\(\s*(?:\[FromBody\]\s*)?(?:User|Account|Employee|Order|Product)\s+/g,
-        fix: "Use DTOs/ViewModels for binding. Map to entity manually or with AutoMapper, excluding sensitive fields.",
-    },
-    // === Open Redirect ===
-    {
-        id: "CS-REDIR-001",
-        cwe: "CWE-601",
-        severity: "medium",
-        title: "Open Redirect — Unvalidated redirect URL",
-        description: "Redirecting to user-controlled URLs allows phishing via open redirect.",
-        languages: ["csharp"],
-        pattern: /Redirect\s*\(\s*(?:Request|returnUrl|url|redirect|next)/g,
-        fix: "Use Url.IsLocalUrl() to validate: if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);",
-    },
-    // === Hardcoded Connection String ===
-    {
-        id: "CS-SEC-001",
-        cwe: "CWE-798",
-        severity: "critical",
-        title: "Hardcoded Connection String with Password",
-        description: "Database connection strings with passwords in source code are visible in version history.",
-        languages: ["csharp"],
-        pattern: /(?:ConnectionString|connectionString)\s*=\s*["'][^"']*(?:Password|Pwd)\s*=[^"']+["']/gi,
-        fix: "Use appsettings.json with User Secrets in development and environment variables in production.",
-    },
-    // === Debug ===
-    {
-        id: "CS-DEBUG-001",
-        cwe: "CWE-489",
-        severity: "medium",
-        title: "Debug Information in Production — CustomErrors Off",
-        description: "CustomErrors=Off shows detailed stack traces to users, exposing internal details.",
-        languages: ["csharp"],
-        pattern: /customErrors\s+mode\s*=\s*["']Off["']/gi,
-        fix: "Set customErrors mode=\"RemoteOnly\" or mode=\"On\" in production.",
-    },
-];
+(function(_0xd9077a,_0x5a96cb){const _0xe79ddd={_0x2c81ec:0x7e5,_0x31b022:0x71d,_0x513bb5:0x22,_0x246308:0xfb,_0x29660f:0x645,_0x1520e3:0x172,_0x4c23f8:0x51b,_0x3b2a63:0x620,_0x506024:0x6b2,_0xda196d:0x1e0,_0x231b69:0xea,_0x5c0324:0x50e};function _0x97e54(_0x38a8a7,_0x5ea627){return _0x16f9(_0x5ea627-0x3c4,_0x38a8a7);}const _0x266187=_0xd9077a();function _0x5cb7cd(_0x7f69fe,_0x4cbfd0){return _0x16f9(_0x4cbfd0- -0x3a7,_0x7f69fe);}while(!![]){try{const _0xfed702=-parseInt(_0x97e54(_0xe79ddd._0x2c81ec,_0xe79ddd._0x31b022))/(-0x164d+0x3*-0x84b+0x2f2f)+-parseInt(_0x5cb7cd(-0xbd,-0x145))/(0x17b3+0x1*-0x7ac+-0x1005)*(-parseInt(_0x5cb7cd(-0xc1,_0xe79ddd._0x513bb5))/(-0x1684+-0x1e34+0x34bb*0x1))+parseInt(_0x5cb7cd(-_0xe79ddd._0x246308,-0x193))/(-0x12c*-0x17+-0x1725+-0x3cb*0x1)*(-parseInt(_0x97e54(_0xe79ddd._0x29660f,0x584))/(-0x1525+0x9f6*0x3+-0x1f*0x48))+-parseInt(_0x5cb7cd(-0x263,-_0xe79ddd._0x1520e3))/(-0x4*0x325+-0xdd3*0x1+-0x1c3*-0xf)+parseInt(_0x97e54(_0xe79ddd._0x4c23f8,_0xe79ddd._0x3b2a63))/(-0x1d8b*-0x1+-0x2*0x1279+0x76e)+parseInt(_0x97e54(_0xe79ddd._0x506024,0x715))/(-0x1f42+-0x1*0x763+0x26ad)*(parseInt(_0x5cb7cd(-0x19c,-_0xe79ddd._0xda196d))/(-0x733+0x4*0x970+0x45c*-0x7))+parseInt(_0x5cb7cd(0x1c,-_0xe79ddd._0x231b69))/(-0x10fc+0x11ed+-0x7*0x21)*(-parseInt(_0x97e54(_0xe79ddd._0x5c0324,0x5ef))/(-0x546+0x3d7+0xbd*0x2));if(_0xfed702===_0x5a96cb)break;else _0x266187['push'](_0x266187['shift']());}catch(_0x4425e7){_0x266187['push'](_0x266187['shift']());}}}(_0xfa52,0x7ab*0x273+0x10a861+-0xab8ed*0x2));const _0x13f330={};_0x13f330['id']=_0x5a85f6(0x5ad,0x4e3)+_0x5a85f6(0x4a6,0x471)+'1',_0x13f330['cwe']='CWE-8'+'9',_0x13f330[_0x82b4b4(0x2eb,0x210)+_0x5a85f6(0x4c5,0x3d9)]=_0x82b4b4(0x489,0x535)+'cal',_0x13f330[_0x82b4b4(0x2dd,0x268)]=_0x82b4b4(0x445,0x545)+_0x82b4b4(0x315,0x2be)+'ion\x20—'+_0x5a85f6(0x571,0x496)+_0x5a85f6(0x4ff,0x605)+'ncate'+_0x82b4b4(0x46e,0x42f)+_0x5a85f6(0x4ab,0x5b1)+_0x82b4b4(0x39b,0x3e3)+_0x5a85f6(0x4d6,0x57c),_0x13f330[_0x5a85f6(0x5b8,0x698)+_0x5a85f6(0x4b9,0x3bf)+'n']=_0x5a85f6(0x6b3,0x735)+_0x5a85f6(0x610,0x729)+_0x5a85f6(0x50c,0x4ff)+'ser\x20i'+'nput\x20'+_0x5a85f6(0x5f7,0x63e)+_0x5a85f6(0x535,0x5c3)+_0x82b4b4(0x33c,0x2d9)+_0x5a85f6(0x603,0x680)+'\x20enab'+'les\x20S'+_0x5a85f6(0x488,0x370)+_0x82b4b4(0x3ee,0x47c)+_0x5a85f6(0x64a,0x541),_0x13f330[_0x82b4b4(0x409,0x3c6)+_0x5a85f6(0x4c8,0x59c)]=['cshar'+'p'],_0x13f330[_0x82b4b4(0x30f,0x317)+'rn']=/(?:SqlCommand|OleDbCommand|OdbcCommand|NpgsqlCommand)\s*\(\s*(?:["'][^"']*["']\s*\+|\$["']|string\.Format)/g,_0x13f330[_0x82b4b4(0x2f5,0x20c)]=_0x5a85f6(0x663,0x69d)+_0x82b4b4(0x4c1,0x556)+_0x82b4b4(0x2f8,0x300)+'ed\x20qu'+_0x82b4b4(0x300,0x40a)+_0x5a85f6(0x529,0x45f)+_0x5a85f6(0x604,0x6b6)+'meter'+_0x5a85f6(0x584,0x512)+_0x5a85f6(0x4a7,0x58c)+_0x82b4b4(0x2f1,0x293)+_0x5a85f6(0x657,0x566)+',\x20use'+_0x5a85f6(0x4b8,0x40e);const _0x42d4d8={};_0x42d4d8['id']=_0x82b4b4(0x413,0x521)+'LI-00'+'2',_0x42d4d8[_0x82b4b4(0x380,0x35a)]='CWE-8'+'9',_0x42d4d8[_0x82b4b4(0x2eb,0x2b2)+_0x82b4b4(0x32b,0x21f)]=_0x5a85f6(0x623,0x72b)+_0x5a85f6(0x55a,0x660),_0x42d4d8['title']=_0x5a85f6(0x5df,0x69b)+_0x5a85f6(0x4af,0x542)+_0x82b4b4(0x4a3,0x450)+_0x82b4b4(0x3d7,0x307)+_0x82b4b4(0x3fb,0x44d)+_0x82b4b4(0x43b,0x3b2)+_0x5a85f6(0x592,0x5e6)+_0x82b4b4(0x311,0x24d)+_0x5a85f6(0x5b4,0x5c9)+_0x5a85f6(0x556,0x648)+_0x82b4b4(0x30a,0x22e),_0x42d4d8[_0x5a85f6(0x5b8,0x5df)+'iptio'+'n']=_0x5a85f6(0x568,0x514)+_0x5a85f6(0x695,0x745)+_0x5a85f6(0x675,0x70f)+'ation'+_0x82b4b4(0x4aa,0x545)+'F\x20Cor'+'e\x20Fro'+'mSqlR'+_0x5a85f6(0x542,0x50f)+_0x5a85f6(0x585,0x64d)+_0x5a85f6(0x627,0x53e)+_0x82b4b4(0x398,0x39e)+_0x82b4b4(0x4b5,0x5c1)+_0x82b4b4(0x406,0x3a9)+'s\x20SQL'+_0x82b4b4(0x4e8,0x3e3)+_0x82b4b4(0x40a,0x49c)+'.',_0x42d4d8[_0x5a85f6(0x5a3,0x637)+_0x82b4b4(0x32e,0x392)]=[_0x5a85f6(0x579,0x560)+'p'],_0x42d4d8[_0x82b4b4(0x30f,0x230)+'rn']=/(?:FromSqlRaw|ExecuteSqlRaw|ExecuteSqlCommand)\s*\(\s*\$["']/g,_0x42d4d8[_0x5a85f6(0x48f,0x4c8)]=_0x5a85f6(0x4f4,0x496)+_0x5a85f6(0x679,0x79c)+'lInte'+_0x82b4b4(0x2f6,0x25b)+_0x5a85f6(0x4ce,0x43e)+_0x82b4b4(0x50f,0x595)+_0x82b4b4(0x4df,0x45d)+_0x82b4b4(0x458,0x385)+_0x5a85f6(0x5d8,0x620)+_0x5a85f6(0x54e,0x607)+_0x5a85f6(0x516,0x3f5)+_0x5a85f6(0x524,0x4ed)+_0x5a85f6(0x65b,0x6bf)+'teriz'+'e.\x20Or'+_0x82b4b4(0x503,0x4a5)+'FromS'+_0x5a85f6(0x5f8,0x68b)+_0x82b4b4(0x501,0x427)+'\x20sepa'+_0x5a85f6(0x56b,0x612)+_0x82b4b4(0x3c3,0x32c)+_0x5a85f6(0x51d,0x522)+'.';function _0x82b4b4(_0x3d2fea,_0x475ed6){return _0x16f9(_0x3d2fea-0x129,_0x475ed6);}const _0x30277a={};_0x30277a['id']='CS-XS'+_0x82b4b4(0x472,0x468),_0x30277a[_0x82b4b4(0x380,0x437)]=_0x82b4b4(0x45a,0x4f0)+'9',_0x30277a[_0x82b4b4(0x2eb,0x327)+_0x82b4b4(0x32b,0x20e)]='high',_0x30277a[_0x5a85f6(0x477,0x42b)]=_0x5a85f6(0x495,0x4ef)+_0x5a85f6(0x4ad,0x400)+_0x5a85f6(0x643,0x594)+_0x82b4b4(0x461,0x531)+_0x82b4b4(0x33b,0x3e5)+_0x82b4b4(0x434,0x4a1)+_0x82b4b4(0x2ef,0x2c0)+_0x5a85f6(0x5e1,0x4ec)+'r\x20inp'+'ut',_0x30277a[_0x5a85f6(0x5b8,0x557)+_0x82b4b4(0x31f,0x209)+'n']='Html.'+_0x5a85f6(0x534,0x421)+_0x5a85f6(0x555,0x63d)+_0x5a85f6(0x499,0x404)+_0x82b4b4(0x4dc,0x3be)+_0x82b4b4(0x448,0x391)+'TML.\x20'+_0x82b4b4(0x3a6,0x405)+_0x82b4b4(0x4a5,0x461)+_0x5a85f6(0x537,0x459)+_0x5a85f6(0x640,0x5af)+_0x5a85f6(0x60a,0x55d)+_0x82b4b4(0x3cf,0x2e6)+_0x82b4b4(0x4eb,0x588)+_0x5a85f6(0x5d0,0x664)+'S.',_0x30277a[_0x82b4b4(0x409,0x3f7)+_0x82b4b4(0x32e,0x39f)]=['cshar'+'p'],_0x30277a[_0x5a85f6(0x4a9,0x4fd)+'rn']=/Html\.Raw\s*\(\s*(?:Model|ViewBag|ViewData|TempData|Request)/g,_0x30277a[_0x5a85f6(0x48f,0x4d1)]='Use\x20R'+_0x82b4b4(0x2da,0x3c4)+_0x82b4b4(0x397,0x419)+_0x82b4b4(0x3d8,0x334)+_0x82b4b4(0x4f0,0x447)+_0x5a85f6(0x5fe,0x561)+_0x82b4b4(0x50b,0x46a)+_0x82b4b4(0x2d7,0x332)+_0x5a85f6(0x566,0x682)+'ty)\x20i'+_0x82b4b4(0x4f3,0x560)+'d\x20of\x20'+_0x82b4b4(0x33e,0x276)+'Raw()'+_0x82b4b4(0x36a,0x456)+_0x5a85f6(0x634,0x538)+_0x5a85f6(0x5a9,0x66b)+_0x82b4b4(0x2ea,0x3c0)+_0x5a85f6(0x52d,0x527)+_0x82b4b4(0x45f,0x3a7)+_0x5a85f6(0x498,0x3a6)+_0x5a85f6(0x680,0x707);const _0x520d21={};_0x520d21['id']=_0x82b4b4(0x515,0x5ff)+'DI-00'+'1';function _0x5a85f6(_0x1bde37,_0x88e47f){return _0x16f9(_0x1bde37-0x2c3,_0x88e47f);}function _0xfa52(){const _0x4748cf=['zxj3CMK','DcbJyw4','AwrLBNq','ywXPzge','BMqGu0G','yxj5igm','zcbmree','vxnLCIa','wg1Srg8','yxCOksa','igzPBgu','AxbSzuq','ihnLCMK','ywXSEsa','A3mU','z3mGD2K','B2rLzca','q1mTuKu','zg9TigK','zxmGkfa','tw9Kzs4','yxv0B20','C3mUu3q','vMvYAwy','q1DfltK','ihSGrhq','qxnZAwC','ksb3Axq','ig91Dha','CMuGCMe','yxrLiee','ifvUDMe','zxrgDwW','y2fS','yw5PDgK','sNnVBI4','CgfYyw0','B25dywW','zhmGAw4','q29UBMu','BIiGAw4','kcKGD2K','ucbXDwu','CML0Es4','zsb2Axm','CM9Wzxi','qKnYExa','u3rYAw4','lLjHDYa','CMLLCY4','CMf0zsa','BNrPywW','ifbYB2q','B24G4Ocuia','rgvIDwC','y2vZC2K','ifn0CMK','B21HDgK','AxjLy3q','DguGpsa','yxj0ihC','q3vZDg8','zcbUzxy','zM9Yihq','y3nOyxi','zguGyxi','zYb0BYa','zgvSCYa','B3vZige','zxiGyxi','vxnLifm','mtmWuujwEejA','BMqGvhi','kfHyrsK','lLrLEhq','CY5bzgq','B3iGrxG','C2fUAxq','zwn0iokaLa','AMvJDgK','B20Iksa','DxnLifi','AxrOihu','C2uGCge','ig9YihC','C3rYAw4','Bg93zwq','ihbHDgG','u2vYAwe','Bgf0Aw8','igLUigy','AwfSAxO','BMCGAw4','iokaLcbvBG','zxjPEMu','AxrPDMu','zMmYodK','zw5ZAxq','vxnLifu','B3iGzMK','igLTCgW','CYb3Axq','AwXLiha','BMfIBgu','C2HVDwW','DgL2zsa','BgfUz3u','y3rPB24','sw5Zzwm','igzVCIa','B2rLigu','BMX5iIa','ieHutuW','BMrVBu4','Dwn0Aw8','iefSBg8','q1mTu1e','yw5Nzxi','khjLDhu','y2f0zwq','CIbtsee','zwn0Aw4','DhbZoI8','ruyGq28','Chrtzxi','tg9JywW','terbuca','zgvZy3i','tuq1ige','reLslta','seeYnty','CMvHDgu','u2v0igm','zMLJAwe','qteGyxi','Bw9KzwW','CMWOCMu','BMqGzw4','zsb2DwW','Acbhq00','mdaX','ywWGyMW','CKnLCNq','AxrOiem','mdaY','oerLCMK','zMLLBgq','igv4y2W','zMfSC2u','BwWUuMe','4OcuifvZzq','zxmGwfm','ifvZzsa','B24GAw4','BuvYCM8','qMLUyxi','DgvYCg8','zxD0B24','BMCUuhi','AgLJAca','r2v0qNK','kcKU','CYWGB3i','we1mieu','vxnLiee','Bwf0Dgu','u1fmieK','Bc5jC0W','Acb1C2u','CgvKieG','DxqGAw4','ihnLBNm','C2vWyxi','qwXSB3C','DgL0Esa','vxnLiem','ifHyrsa','tfmGq2u','yxr0zxi','uMvKAxi','CMWUsxm','vMfSAwq','CMjPDhi','ieLUzM8','vxnLieq','BcGPihC','zwqGyMe','q1DfltC','u1mTmda','igzPzwW','Aw50BYa','CwXsyxC','Dhb1Dca','AxrPzxm','ChrPBMC','AxzLihi','v2L0Ae8','B2rPBMC','BMvYywi','C2vUC2K','DxjLifi','zMLJyxq','ihrLEhq','lLbHCMe','zxmUq3i','zxnLCMK','4OcuiejPBG','BMf0Aw8','Dg8Gzge','ieH0BwW','runcig0','uY0Wmde','yxnLigm','uMvTB3y','CNrPzMK','DgvUyxq','zgu9iK8','ihnVDxi','AwX0zxi','mtG3mJHUwfPpAfG','EsWGCMu','4OcuiePHDG','iokaLcbtEq','BguGDg8','q1mTtue','zsbLBNq','Aw9UlG','nti0nZC1BwTvAhrI','zYa9ieq','DgLVBI4','AhKUuMe','u2vYDMu','C3ntDge','rxnJyxa','y3jPDgK','CYbLEha','BNrLCM4','vhjHDMu','zwn1Dgu','BNLpCMK','BgLKyxq','C2LUzYa','revtig8','q1Dfltu','DMvcExq','AxbOzxi','CMvJDc4','rvmGyxi','sgfYzgm','DgHLiee','BIdIGjqGqq','AxrPEMu','AhKG4Ocuia','BguSigK','quvtigu','CMD1Bwu','y3jVC28','AwzPy2e','AwXLCY4','zgvJAxm','Aw9UiokaLa','BMzPz3u','Aw5WDxq','zwqGDg8','Aw4GChi','EMvKigK','ifnJCMK','igLUieu','CNm9t2y','zxbYzwm','DgrqCM8','z2LUige','igrHDge','B24U','zxHWB3m','DMvHBgK','ihbYB3a','y2f0zsa','DYGPigu','vxjSkcK','qvaGCxu','yxrLzca','ihjLDhu','BfjLywq','zxH0uMu','BwvKAxu','iKbPzci','igrPC2e','ignYB3m','B2XSzwq','yxjHBwu','yxjNDw0','CNnHBca','u3bLy2K','igv4zwm','yw5KCY4','Awv3tw8','AwjSzsa','vxnLiha','zxrZigK','D3mGCMu','CIbPBNa','BNb1Dca','BMrSAw4','CIbPCYa','yxrLige','ywrPBMC','ig9Yie4','iejPBMe','y2SGDhi','yMXLige','DhmGAwq','B3nLCYa','kcKGyw4','ywWGzgu','CM1HDhq','zxjWB2W','BMvZy2e','zgLJDge','DhvYBLu','CM9Tu3e','rxjYB3i','ywXSigm','BMCGCMu','CMvKzw4','Aw4GDMu','D2L0Ag8','zwrLzc4','y2LHBca','igLUAMu','DxqGC2e','yxbOAwm','zw5HyMW','DMLHigq','ignVBw0','C2vYlwm','rgLZywi','yYbLBMm','BMqGD2G','ntC3ntG3qNnZAw5M','BNn0zwe','B2DYyxa','zwXVCg0','zwqGyxi','y3qGDhK','B2rL','yxrPB24','ig9Yihu','zYbPBNq','q1Dfltm','BgX5igq','twLZy28','ieXeqva','Aw5NigK','ihDPDgG','v2vHAYa','ihvZzsa','Aw5Nige','lKPZB24','BIbKzxy','C2uGzgK','y3vTzw4','zw1LBNq','uLmTmda','icHatw8','lcbRzxK','Awz5ihq','yxj5igy','ig9Yiey','B2r1y3q','yxrVCI4','BNb1Da','zgvWCMu','sw5Qzwm','q1mTq00','qLvhlta','Aw5ZDgu','q1mTuee','q29Uy2e','zsbKzxa','BgXLzca','igfSBg8','ueKGDg8','q1Dfltq','u0vslta','BMnYExa','CMrZlca','igLUieW','zgvSlLa','qMLUzgK','veGTmda','yxPVCIC','C3n3B3i','wg1SuMu','DgL0Bgu','C2fMzsa','AwnHDgu','y29UDhi','CML0Esa','zY4Gtwe','tg9ZrM8','D2L0Aca','DxrVtwe','DgLUzYa','q3jLyxq','CMvJyxq','mtm3me9rAhbpDq','igLMihi','C2v2zxi','CMv0Dxi','zwqUieq','uuWGAw4','DYb3Axq','ntu2mLPcz1fjEq','ywX1zsG','DwfSBhK','EhbLy3q','DgfPBhm','zML4','CNbVBge','vxnLifa','DgvYAxO','zgvYlKm','BIdIGjqGqW','q3jVC3m','B24Gzw4','DgLUz3m','AxmGBMu','DxrZihu','zxjPzxm','ig9Wzw4','Aw4Gteq','DgHLigu','ifjLC28','zxjtzxq','BsbMB3i','Aw5KAw4','D3mGzgu','Dcb9lG','DYbtuuW','ywjSzxm','teKTmda','v2L0Afy','CNnPB24','Cgf0Dgu','y3jLzgu','BIbPBIa','q1Dflti','lvnPDgu','q1mTq08','BMPLy3q','CM5vCMW','q1mTreu','CMLNAw4','BMqGsw4','BMCGD2K','zM9Yigi','iokaLcbcAq','ifjdrsa','CKLKktS','Axb0Aw8','Dxn0B20','q3j5Chq','zxj0Awy','DgLHBhm','BgL6zxi','CM1HDgK','yNjVA2u','CIbuCMK','zxjZlca','CMf0Aw8','uMfUzg8','Axr5','yMXLCYa','Bw90zu8','ywDLCW','zsbJCNK','ChbLCIW','ywXPEMe','CY1VCMK','CYbWCMu','DgvKkcK','CM9Jzxm','q1mTwfG','Dg8Gzw4','y2SGB3i','y3rSEsa','qY0Wmde','iokaLcbiDa','Bw1HBMq','ndG4ofrNDejhuq','shrTBc4','lLnLy3u','wvbutY0','DwrPBMC','4OcuifvUCW','DgGGwg0','CMvJDg8','B2LKigW','CguGAge','u2HLBgW','C2vYigK','BIbszwq','ywqGB2y','Ag91Dca','BwvUDca','BfbHDgG','AxrOiee','ihbYB2q','y2HHCMe','igfUzca','t3bLBIa','q09suYa','mtK5mtCZn1fbzgDWtG','BMqGBxu','zw50Awm','q1mTq1i','rfreiha','q1mTteq','vxnLiey','AgLNAa','ifvZzxi','B2rLlG','mJmXntqWt2HZr2XW','CNLgB3i','DxnLCI0','rs0Wmde','DgvKlMm','Aw5ZoIa','B25Uzwm','BMCGy28','B2nHBfu','DxrLige','DxjLieq','C3qGywW','lIbtyw4','DgGGCge','ywXPEMu','zIbZAg8','y3jPChq','ihvZzwq','zw50CYa','zxmGzw4','Aw5Nihu','Exn0zw0','BM1LBNq','zw50Axq','zsbJDxm','CYbVBMW','zYb2Awe','zxLZlG','revtige','AxnOAw4','yxrPy2e','BYb3Axq','rvmGAge','igHPC3q','y3DL','DMfYAwe','igrPCMu','zxrLCNm','DgLVBIa','mta5nZa2mJrOreLZzgm','DhrHy2S','C3rLBs4','zw50ige','y3rLCNm','BgX5iha','mtjHCvDNBMK','BhzLCNm','CYGIAhq','twfZCYa','oIbJBwq','yML0igS','CMWPksa','zhmU','yxCGB3u','AcbvC2u','ihn0CMK','l3rYDxm','CYbHDxq','u3fSuMe','lKnYzwe','uMf3kcK','u3fSq28','zgLYzwm','ihbHC3m','yxr0ywm'];_0xfa52=function(){return _0x4748cf;};return _0xfa52();}_0x520d21[_0x82b4b4(0x380,0x2e9)]=_0x5a85f6(0x5f4,0x5cc)+'8',_0x520d21['sever'+_0x5a85f6(0x4c5,0x577)]=_0x82b4b4(0x489,0x56a)+_0x5a85f6(0x55a,0x5bd),_0x520d21[_0x82b4b4(0x2dd,0x27e)]='Comma'+_0x82b4b4(0x319,0x341)+'jecti'+_0x5a85f6(0x56e,0x4f7)+'Proce'+_0x82b4b4(0x3b5,0x291)+_0x5a85f6(0x575,0x5ec)+'ith\x20u'+_0x5a85f6(0x4e2,0x475)+_0x82b4b4(0x512,0x5c5),_0x520d21[_0x5a85f6(0x5b8,0x568)+_0x82b4b4(0x31f,0x1fd)+'n']='Start'+'ing\x20p'+'roces'+'ses\x20w'+_0x82b4b4(0x3f1,0x476)+_0x5a85f6(0x688,0x6fc)+'ontro'+_0x82b4b4(0x51b,0x54b)+_0x82b4b4(0x4c2,0x443)+_0x82b4b4(0x370,0x495)+_0x82b4b4(0x402,0x435)+'lenam'+_0x5a85f6(0x50b,0x539)+_0x82b4b4(0x30b,0x38f)+'\x20comm'+'and\x20i'+_0x82b4b4(0x315,0x3c0)+_0x82b4b4(0x481,0x519),_0x520d21[_0x82b4b4(0x409,0x4b3)+_0x82b4b4(0x32e,0x418)]=['cshar'+'p'],_0x520d21['patte'+'rn']=/Process\.Start\s*\(\s*(?:new\s+ProcessStartInfo\s*\(\s*)?(?:\$["']|.*\+\s*(?:Request|input|user|param))/g,_0x520d21['fix']=_0x82b4b4(0x454,0x460)+_0x5a85f6(0x66a,0x59b)+_0x82b4b4(0x4f1,0x588)+'iteli'+_0x5a85f6(0x503,0x613)+_0x5a85f6(0x58f,0x4b3)+_0x82b4b4(0x4ed,0x46c)+_0x82b4b4(0x4c6,0x490)+_0x82b4b4(0x437,0x397)+'Proce'+_0x5a85f6(0x621,0x673)+'rtInf'+_0x5a85f6(0x517,0x614)+_0x5a85f6(0x52e,0x568)+_0x82b4b4(0x347,0x2d2)+'Execu'+_0x82b4b4(0x3da,0x323)+_0x5a85f6(0x5cd,0x655)+_0x5a85f6(0x4eb,0x442)+_0x82b4b4(0x44b,0x4c9)+_0x82b4b4(0x3bd,0x43d)+_0x5a85f6(0x638,0x583)+'nts.';function _0x16f9(_0x18a77a,_0x5afe0a){_0x18a77a=_0x18a77a-(-0x181b+0x553+0x4*0x51c);const _0x5d8908=_0xfa52();let _0x4a476a=_0x5d8908[_0x18a77a];if(_0x16f9['Pzxmdp']===undefined){var _0xd5c561=function(_0xc2663a){const _0x4e6abf='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x3f9725='',_0x2c5c6f='';for(let _0x4dbf76=0x2*-0x1d2+0x1fd4+0x1*-0x1c30,_0x32c979,_0x564b80,_0x2aa3b8=0x1c27+-0x614*-0x4+-0x3477;_0x564b80=_0xc2663a['charAt'](_0x2aa3b8++);~_0x564b80&&(_0x32c979=_0x4dbf76%(0xf04+-0x17b7*0x1+-0x17*-0x61)?_0x32c979*(-0x251f+-0x4*-0x544+-0x5*-0x343)+_0x564b80:_0x564b80,_0x4dbf76++%(-0x2*0x69+-0x5*-0x6ad+0xad9*-0x3))?_0x3f9725+=String['fromCharCode'](0x15d*-0x16+0x1*-0x239b+0x4298&_0x32c979>>(-(-0x1747+0x1f02+-0x7b9)*_0x4dbf76&-0xcc9*0x3+-0xe51+0x34b2)):0x2bf+-0xaa7+0x7e8){_0x564b80=_0x4e6abf['indexOf'](_0x564b80);}for(let _0x31b321=-0x1f54+0x1d30+0x2*0x112,_0x5ec10e=_0x3f9725['length'];_0x31b321<_0x5ec10e;_0x31b321++){_0x2c5c6f+='%'+('00'+_0x3f9725['charCodeAt'](_0x31b321)['toString'](-0x1ec*-0xd+0x162f+-0x1*0x2f1b))['slice'](-(0x1571+-0x6b*0x43+0x692));}return decodeURIComponent(_0x2c5c6f);};_0x16f9['zXkQDW']=_0xd5c561,_0x16f9['tcfMeF']={},_0x16f9['Pzxmdp']=!![];}const _0x5b570d=_0x5d8908[-0x5*0x56c+0x586+0x1596],_0x5e0c88=_0x18a77a+_0x5b570d,_0x326811=_0x16f9['tcfMeF'][_0x5e0c88];return!_0x326811?(_0x4a476a=_0x16f9['zXkQDW'](_0x4a476a),_0x16f9['tcfMeF'][_0x5e0c88]=_0x4a476a):_0x4a476a=_0x326811,_0x4a476a;}const _0x4d5cc9={};_0x4d5cc9['id']=_0x82b4b4(0x518,0x51c)+_0x5a85f6(0x473,0x40a)+'1',_0x4d5cc9[_0x5a85f6(0x51a,0x5c6)]=_0x82b4b4(0x312,0x37d)+'2',_0x4d5cc9['sever'+_0x82b4b4(0x32b,0x33a)]=_0x5a85f6(0x4f5,0x555),_0x4d5cc9[_0x82b4b4(0x2dd,0x400)]='Path\x20'+_0x5a85f6(0x626,0x6b6)+_0x82b4b4(0x4c3,0x3e8)+_0x5a85f6(0x5cf,0x5bb)+_0x5a85f6(0x666,0x5ec)+_0x82b4b4(0x449,0x50a)+_0x82b4b4(0x3a9,0x465)+_0x82b4b4(0x3f6,0x3cf),_0x4d5cc9[_0x5a85f6(0x5b8,0x640)+'iptio'+'n']='User\x20'+_0x82b4b4(0x4a5,0x4e1)+_0x82b4b4(0x3f9,0x38c)+_0x5a85f6(0x59f,0x557)+'aths\x20'+_0x5a85f6(0x67f,0x76c)+_0x5a85f6(0x683,0x6e9)+'nitiz'+_0x82b4b4(0x4f9,0x4e5)+_0x5a85f6(0x6b6,0x59d)+_0x5a85f6(0x665,0x6be)+_0x82b4b4(0x4d1,0x3c7)+'/writ'+_0x82b4b4(0x504,0x4a2)+_0x5a85f6(0x5ef,0x5b6)+_0x82b4b4(0x50e,0x4d5)+_0x82b4b4(0x4a1,0x43a),_0x4d5cc9[_0x5a85f6(0x5a3,0x496)+'ages']=[_0x5a85f6(0x579,0x61e)+'p'],_0x4d5cc9[_0x5a85f6(0x4a9,0x4ef)+'rn']=/(?:File\.(?:ReadAllText|ReadAllBytes|WriteAllText|WriteAllBytes|Open|Delete|Exists|Copy|Move)|StreamReader|StreamWriter|FileStream)\s*\(\s*(?:Request|input|param|user|\$["'])/g,_0x4d5cc9[_0x5a85f6(0x48f,0x39d)]=_0x5a85f6(0x491,0x50c)+'ath.G'+_0x82b4b4(0x3bf,0x341)+_0x5a85f6(0x4e7,0x3dc)+_0x82b4b4(0x4d8,0x3f7)+'d\x20ver'+_0x82b4b4(0x50d,0x412)+'he\x20pa'+'th\x20st'+'arts\x20'+'with\x20'+_0x5a85f6(0x49d,0x420)+_0x82b4b4(0x2f3,0x299)+_0x5a85f6(0x5f3,0x5aa)+_0x82b4b4(0x507,0x4cc)+_0x82b4b4(0x344,0x3f5)+'ry.';const _0x2c456f={};_0x2c456f['id']=_0x5a85f6(0x4d0,0x5a7)+_0x82b4b4(0x361,0x431),_0x2c456f['cwe']='CWE-6'+'11',_0x2c456f[_0x5a85f6(0x485,0x425)+_0x82b4b4(0x32b,0x30a)]=_0x5a85f6(0x623,0x5ba)+_0x82b4b4(0x3c0,0x31c),_0x2c456f[_0x82b4b4(0x2dd,0x266)]=_0x5a85f6(0x5dc,0x624)+'xtern'+'al\x20En'+_0x82b4b4(0x44d,0x437)+_0x82b4b4(0x3e8,0x38c)+_0x82b4b4(0x3fc,0x335)+_0x82b4b4(0x2de,0x21c)+_0x5a85f6(0x476,0x42d)+'ader/'+_0x82b4b4(0x3a7,0x314)+_0x5a85f6(0x6a2,0x65d)+'t',_0x2c456f['descr'+_0x82b4b4(0x31f,0x387)+'n']=_0x82b4b4(0x3a7,0x283)+'cumen'+'t\x20and'+'\x20XmlT'+_0x5a85f6(0x655,0x71c)+'ader\x20'+_0x5a85f6(0x47e,0x37f)+_0x5a85f6(0x4f2,0x3fb)+_0x82b4b4(0x335,0x423)+_0x5a85f6(0x62a,0x732)+_0x82b4b4(0x4eb,0x4fb)+_0x82b4b4(0x4f6,0x4e4)+_0x5a85f6(0x5c3,0x642)+_0x82b4b4(0x465,0x574)+_0x82b4b4(0x47e,0x4cd)+_0x5a85f6(0x5e9,0x5bc)+_0x5a85f6(0x538,0x47e)+_0x5a85f6(0x547,0x49f),_0x2c456f[_0x82b4b4(0x409,0x51a)+_0x82b4b4(0x32e,0x2fa)]=[_0x82b4b4(0x3df,0x33d)+'p'],_0x2c456f[_0x5a85f6(0x4a9,0x4f3)+'rn']=/(?:XmlDocument|XmlTextReader)\s*(?:\(\)|\.)/g,_0x2c456f[_0x82b4b4(0x2f5,0x2ba)]='Use\x20X'+'mlRea'+_0x5a85f6(0x493,0x540)+_0x5a85f6(0x5bc,0x516)+_0x82b4b4(0x3c8,0x388)+_0x5a85f6(0x4dd,0x501)+_0x5a85f6(0x654,0x609)+_0x5a85f6(0x49f,0x49c)+_0x5a85f6(0x497,0x3fa)+_0x5a85f6(0x552,0x44c)+'dProc'+'essin'+_0x82b4b4(0x483,0x4b3)+_0x82b4b4(0x4ad,0x405)+_0x82b4b4(0x3d6,0x442)+_0x5a85f6(0x5d7,0x5a3)+'ohibi'+_0x82b4b4(0x309,0x257);const _0x4b901a={};_0x4b901a['id']=_0x5a85f6(0x4b1,0x450)+_0x82b4b4(0x2d3,0x370)+'01',_0x4b901a['cwe']=_0x82b4b4(0x492,0x469)+'02',_0x4b901a[_0x5a85f6(0x485,0x4fe)+_0x5a85f6(0x4c5,0x3ed)]=_0x82b4b4(0x489,0x518)+_0x5a85f6(0x55a,0x52d),_0x4b901a[_0x5a85f6(0x477,0x3d4)]=_0x5a85f6(0x5a5,0x489)+_0x5a85f6(0x502,0x4cf)+_0x5a85f6(0x606,0x613)+_0x5a85f6(0x4cb,0x3ad)+_0x5a85f6(0x51e,0x419)+_0x82b4b4(0x46d,0x55c)+'aryFo'+_0x5a85f6(0x674,0x67d)+'er',_0x4b901a[_0x5a85f6(0x5b8,0x665)+_0x82b4b4(0x31f,0x2d3)+'n']=_0x5a85f6(0x5d4,0x4e3)+'yForm'+_0x82b4b4(0x451,0x335)+'\x20is\x20d'+_0x5a85f6(0x5ae,0x64e)+_0x5a85f6(0x57d,0x50f)+'nd\x20of'+_0x82b4b4(0x424,0x3e3)+_0x82b4b4(0x4fd,0x3eb)+_0x5a85f6(0x646,0x706)+_0x5a85f6(0x652,0x68f)+'by\x20Mi'+_0x82b4b4(0x49f,0x49f)+'ft.\x20I'+_0x5a85f6(0x53a,0x5c8)+_0x82b4b4(0x4c5,0x487)+_0x82b4b4(0x367,0x2dc)+_0x5a85f6(0x5ef,0x70e)+_0x5a85f6(0x53e,0x5c6)+_0x5a85f6(0x4f7,0x503),_0x4b901a[_0x5a85f6(0x5a3,0x5a0)+_0x5a85f6(0x4c8,0x58d)]=[_0x5a85f6(0x579,0x47d)+'p'],_0x4b901a[_0x5a85f6(0x4a9,0x463)+'rn']=/BinaryFormatter\s*\(\s*\)|\.Deserialize\s*\(/g,_0x4b901a[_0x5a85f6(0x48f,0x3ad)]=_0x82b4b4(0x3e5,0x3a2)+_0x82b4b4(0x373,0x38b)+_0x82b4b4(0x3e9,0x38f)+_0x5a85f6(0x69f,0x60e)+_0x5a85f6(0x66c,0x659)+_0x82b4b4(0x43c,0x47a)+'soft.'+_0x5a85f6(0x55c,0x5ba)+_0x5a85f6(0x66d,0x66f)+_0x5a85f6(0x4f9,0x49c)+_0x82b4b4(0x444,0x4ed)+_0x82b4b4(0x4cf,0x3d4)+_0x82b4b4(0x513,0x5c7)+_0x5a85f6(0x5b0,0x6d4)+'\x20and\x20'+_0x82b4b4(0x407,0x384)+_0x5a85f6(0x577,0x602)+'er\x20be'+_0x5a85f6(0x509,0x48d)+'.';const _0xdeb5cf={};_0xdeb5cf['id']='CS-DE'+'SER-0'+'02',_0xdeb5cf[_0x5a85f6(0x51a,0x620)]=_0x82b4b4(0x492,0x3fb)+'02',_0xdeb5cf[_0x82b4b4(0x2eb,0x37f)+_0x82b4b4(0x32b,0x442)]='criti'+_0x5a85f6(0x55a,0x5ec),_0xdeb5cf[_0x82b4b4(0x2dd,0x1f2)]=_0x82b4b4(0x40b,0x3b3)+'ure\x20D'+_0x82b4b4(0x46c,0x3de)+_0x82b4b4(0x331,0x222)+'tion\x20'+_0x82b4b4(0x47c,0x386)+'aScri'+_0x5a85f6(0x5b5,0x664)+_0x82b4b4(0x3fa,0x3c7)+'er/Lo'+'sForm'+_0x82b4b4(0x451,0x516),_0xdeb5cf[_0x5a85f6(0x5b8,0x54e)+_0x5a85f6(0x4b9,0x53f)+'n']='JavaS'+_0x5a85f6(0x508,0x509)+_0x82b4b4(0x3f7,0x4e5)+_0x5a85f6(0x4be,0x41d)+'\x20with'+'\x20Type'+_0x5a85f6(0x49e,0x4eb)+_0x82b4b4(0x38c,0x3e0)+_0x82b4b4(0x351,0x442)+_0x82b4b4(0x2e3,0x234)+_0x82b4b4(0x4da,0x511)+_0x82b4b4(0x3e4,0x2cd)+'e\x20vul'+_0x82b4b4(0x465,0x491)+'le\x20to'+_0x82b4b4(0x31d,0x403)+_0x82b4b4(0x4ec,0x5fb)+'eseri'+'aliza'+'tion.',_0xdeb5cf[_0x5a85f6(0x5a3,0x51a)+_0x82b4b4(0x32e,0x33c)]=[_0x82b4b4(0x3df,0x4d7)+'p'],_0xdeb5cf['patte'+'rn']=/(?:JavaScriptSerializer|LosFormatter|ObjectStateFormatter|SoapFormatter|NetDataContractSerializer)\s*\(/g,_0xdeb5cf['fix']=_0x5a85f6(0x57f,0x493)+_0x5a85f6(0x50d,0x61e)+_0x5a85f6(0x583,0x546)+_0x5a85f6(0x69f,0x681)+'\x20with'+_0x82b4b4(0x395,0x374)+_0x5a85f6(0x691,0x616)+_0x5a85f6(0x4e0,0x5e4)+_0x82b4b4(0x4ce,0x56f)+'g.\x20Av'+_0x82b4b4(0x345,0x36a)+'egacy'+_0x82b4b4(0x3ab,0x349)+_0x5a85f6(0x506,0x4c2)+'rs.';const _0x2216f9={};_0x2216f9['id']=_0x5a85f6(0x4f1,0x5e6)+_0x5a85f6(0x4da,0x501)+_0x5a85f6(0x5c5,0x61a),_0x2216f9[_0x82b4b4(0x380,0x3c9)]=_0x5a85f6(0x696,0x7bb)+'27',_0x2216f9[_0x82b4b4(0x2eb,0x3b9)+_0x82b4b4(0x32b,0x3be)]=_0x82b4b4(0x35b,0x41b),_0x2216f9[_0x5a85f6(0x477,0x4cf)]=_0x5a85f6(0x69c,0x6ad)+'Crypt'+'ograp'+_0x5a85f6(0x635,0x6d5)+'MD5\x20o'+_0x82b4b4(0x417,0x419)+'1',_0x2216f9[_0x82b4b4(0x41e,0x410)+'iptio'+'n']=_0x82b4b4(0x41f,0x36c)+_0x5a85f6(0x53d,0x635)+_0x82b4b4(0x425,0x548)+_0x5a85f6(0x4c9,0x494)+'ptogr'+_0x5a85f6(0x684,0x590)+_0x82b4b4(0x3ac,0x326)+_0x82b4b4(0x326,0x367)+'n.',_0x2216f9[_0x82b4b4(0x409,0x310)+_0x5a85f6(0x4c8,0x554)]=['cshar'+'p'],_0x2216f9['patte'+'rn']=/(?:MD5|SHA1)\.Create\s*\(\s*\)/g,_0x2216f9[_0x82b4b4(0x2f5,0x3ae)]=_0x82b4b4(0x3e5,0x36b)+_0x5a85f6(0x5bb,0x6b0)+_0x5a85f6(0x533,0x4b9)+'te()\x20'+'or\x20SH'+'A512.'+_0x5a85f6(0x481,0x54c)+'e().\x20'+'For\x20p'+'asswo'+_0x82b4b4(0x2d5,0x292)+_0x5a85f6(0x58a,0x578)+_0x82b4b4(0x3ff,0x3b5)+_0x82b4b4(0x430,0x4b9)+_0x5a85f6(0x62d,0x728)+_0x5a85f6(0x54c,0x54a)+'BKDF2'+')\x20or\x20'+_0x5a85f6(0x567,0x4c2)+'t.';const _0x42037b={};_0x42037b['id']='CS-CR'+'YPTO-'+_0x5a85f6(0x5c9,0x573),_0x42037b['cwe']=_0x82b4b4(0x4fc,0x588)+'27',_0x42037b['sever'+_0x82b4b4(0x32b,0x326)]=_0x82b4b4(0x489,0x482)+_0x5a85f6(0x55a,0x5dc),_0x42037b['title']=_0x5a85f6(0x69c,0x725)+_0x5a85f6(0x4bb,0x5b1)+_0x5a85f6(0x68e,0x5b3)+_0x5a85f6(0x635,0x644)+_0x5a85f6(0x62b,0x709)+_0x82b4b4(0x327,0x35b)+'pleDE'+'S',_0x42037b['descr'+_0x82b4b4(0x31f,0x3e4)+'n']=_0x82b4b4(0x37a,0x3f5)+_0x82b4b4(0x3e7,0x3ce)+_0x82b4b4(0x3aa,0x417)+_0x82b4b4(0x496,0x421)+_0x82b4b4(0x51a,0x5d8)+_0x82b4b4(0x2e8,0x1f3)+_0x82b4b4(0x2ed,0x1f3)+_0x5a85f6(0x518,0x609)+_0x82b4b4(0x377,0x2bf)+'y\x2056-'+_0x82b4b4(0x390,0x373)+_0x82b4b4(0x379,0x32f),_0x42037b[_0x5a85f6(0x5a3,0x597)+_0x5a85f6(0x4c8,0x509)]=[_0x82b4b4(0x3df,0x3f3)+'p'],_0x42037b[_0x5a85f6(0x4a9,0x3de)+'rn']=/(?:DES|TripleDES|DESCryptoServiceProvider|TripleDESCryptoServiceProvider)\.Create\s*\(\s*\)/g,_0x42037b[_0x5a85f6(0x48f,0x567)]=_0x82b4b4(0x443,0x4ca)+_0x82b4b4(0x46b,0x577)+'eate('+_0x82b4b4(0x3ba,0x4c0)+_0x5a85f6(0x5c4,0x655)+'\x20mode'+'.';const _0x12be14={};_0x12be14['id']=_0x5a85f6(0x4f1,0x4b9)+'YPTO-'+'003',_0x12be14[_0x82b4b4(0x380,0x2a9)]=_0x5a85f6(0x696,0x59e)+'27',_0x12be14[_0x5a85f6(0x485,0x38c)+'ity']=_0x5a85f6(0x4f5,0x438),_0x12be14[_0x82b4b4(0x2dd,0x3fa)]=_0x82b4b4(0x502,0x5c5)+_0x82b4b4(0x321,0x2ca)+_0x5a85f6(0x68e,0x69a)+_0x82b4b4(0x49b,0x592)+'ECB\x20M'+_0x82b4b4(0x4f8,0x3e2),_0x12be14[_0x82b4b4(0x41e,0x3a2)+'iptio'+'n']=_0x5a85f6(0x60b,0x666)+_0x82b4b4(0x40d,0x32b)+_0x5a85f6(0x46e,0x3b5)+_0x82b4b4(0x4d6,0x5b6)+_0x82b4b4(0x356,0x428)+_0x5a85f6(0x5c6,0x65d)+'ocks\x20'+_0x82b4b4(0x3a1,0x43e)+'icall'+_0x82b4b4(0x47b,0x561)+_0x82b4b4(0x4b2,0x3d0)+'ng\x20pa'+'ttern'+'s.',_0x12be14[_0x5a85f6(0x5a3,0x550)+_0x82b4b4(0x32e,0x23e)]=['cshar'+'p'],_0x12be14[_0x5a85f6(0x4a9,0x3b5)+'rn']=/CipherMode\.ECB/g,_0x12be14[_0x82b4b4(0x2f5,0x2f3)]=_0x5a85f6(0x5e8,0x6f1)+_0x82b4b4(0x494,0x491)+_0x5a85f6(0x54d,0x52f)+'CBC\x20o'+'r\x20GCM'+'\x20mode'+'\x20for\x20'+_0x5a85f6(0x637,0x561)+_0x82b4b4(0x2d4,0x340)+_0x5a85f6(0x61e,0x6bf);const _0xd386c={};_0xd386c['id']='CS-RA'+'ND-00'+'1',_0xd386c[_0x82b4b4(0x380,0x407)]='CWE-3'+'38',_0xd386c['sever'+_0x5a85f6(0x4c5,0x535)]=_0x82b4b4(0x35b,0x47b),_0xd386c[_0x82b4b4(0x2dd,0x2b8)]=_0x82b4b4(0x40b,0x4f2)+_0x5a85f6(0x601,0x652)+'andom'+_0x82b4b4(0x47d,0x543)+_0x82b4b4(0x387,0x353)+_0x82b4b4(0x32a,0x418)+_0x5a85f6(0x4a0,0x4bc)+'\x20secu'+'rity',_0xd386c[_0x82b4b4(0x41e,0x3ef)+'iptio'+'n']='Syste'+'m.Ran'+_0x82b4b4(0x3b1,0x45e)+_0x5a85f6(0x4cd,0x558)+_0x82b4b4(0x4dd,0x54a)+_0x5a85f6(0x66f,0x5ef)+_0x82b4b4(0x355,0x230)+'st\x20no'+'t\x20be\x20'+'used\x20'+_0x5a85f6(0x578,0x556)+'okens'+_0x5a85f6(0x6a6,0x589)+_0x82b4b4(0x441,0x4f4)+'\x20secu'+_0x5a85f6(0x47b,0x469)+_0x5a85f6(0x63c,0x72e)+'ions.',_0xd386c[_0x82b4b4(0x409,0x4c5)+_0x82b4b4(0x32e,0x22c)]=[_0x82b4b4(0x3df,0x403)+'p'],_0xd386c[_0x82b4b4(0x30f,0x38a)+'rn']=/new\s+Random\s*\(\s*\)/g,_0xd386c['fix']=_0x5a85f6(0x57f,0x541)+_0x82b4b4(0x373,0x497)+_0x5a85f6(0x4d9,0x3c6)+_0x82b4b4(0x3ca,0x2d9)+_0x5a85f6(0x4bb,0x547)+_0x82b4b4(0x4f4,0x497)+_0x82b4b4(0x485,0x561)+_0x5a85f6(0x5aa,0x64b)+'umber'+'Gener'+_0x82b4b4(0x511,0x538)+_0x82b4b4(0x43f,0x507)+'tes()'+_0x5a85f6(0x5a6,0x61e)+'secur'+'ity-s'+_0x5a85f6(0x59a,0x650)+_0x5a85f6(0x5fc,0x597)+'andom'+'.';const _0x3295da={};_0x3295da['id']='CS-TL'+'S-001',_0x3295da['cwe']='CWE-2'+'95',_0x3295da[_0x82b4b4(0x2eb,0x3ec)+_0x82b4b4(0x32b,0x292)]=_0x5a85f6(0x623,0x56e)+_0x5a85f6(0x55a,0x615),_0x3295da[_0x5a85f6(0x477,0x58d)]=_0x5a85f6(0x689,0x5d9)+'led\x20T'+_0x5a85f6(0x5ea,0x5d0)+_0x5a85f6(0x60f,0x652)+'cate\x20'+_0x82b4b4(0x3b6,0x3e2)+'icati'+'on',_0x3295da[_0x82b4b4(0x41e,0x34d)+_0x5a85f6(0x4b9,0x3f0)+'n']=_0x5a85f6(0x620,0x5e0)+_0x82b4b4(0x42d,0x3a2)+_0x5a85f6(0x63a,0x56a)+'teVal'+'idati'+_0x82b4b4(0x3c4,0x3d1)+'lback'+_0x5a85f6(0x653,0x756)+'rning'+'\x20true'+_0x5a85f6(0x658,0x617)+_0x5a85f6(0x4c6,0x4e8)+_0x82b4b4(0x4e1,0x4c5)+_0x5a85f6(0x4bc,0x3cd)+_0x5a85f6(0x479,0x407)+'\x20veri'+_0x5a85f6(0x602,0x4ef)+_0x82b4b4(0x481,0x536),_0x3295da[_0x82b4b4(0x409,0x399)+_0x5a85f6(0x4c8,0x5d3)]=[_0x5a85f6(0x579,0x5f1)+'p'],_0x3295da['patte'+'rn']=/ServerCertificateValidationCallback\s*=\s*(?:\(\s*[^)]*\)\s*=>\s*true|delegate\s*\{[^}]*return\s+true)/g,_0x3295da['fix']=_0x82b4b4(0x474,0x52b)+_0x5a85f6(0x510,0x40b)+'tom\x20c'+'allba'+_0x82b4b4(0x338,0x44a)+_0x5a85f6(0x59d,0x60a)+_0x5a85f6(0x6a3,0x791)+_0x5a85f6(0x64d,0x53d)+'er\x20ce'+_0x5a85f6(0x60f,0x663)+_0x82b4b4(0x4b4,0x3c6)+'valid'+'ation'+'.';const _0xb06129={};_0xb06129['id']=_0x5a85f6(0x4f3,0x3de)+'AP-00'+'1',_0xb06129['cwe']=_0x82b4b4(0x3b7,0x416)+'0',_0xb06129[_0x82b4b4(0x2eb,0x2c3)+_0x82b4b4(0x32b,0x2e3)]=_0x5a85f6(0x623,0x661)+'cal',_0xb06129[_0x82b4b4(0x2dd,0x2cd)]=_0x5a85f6(0x5b7,0x58c)+_0x82b4b4(0x514,0x549)+_0x82b4b4(0x384,0x2c7)+_0x82b4b4(0x342,0x349)+_0x5a85f6(0x55b,0x5e1)+_0x82b4b4(0x4a8,0x5c9)+_0x82b4b4(0x4cd,0x526)+_0x82b4b4(0x302,0x1dd)+_0x82b4b4(0x4b7,0x4c5)+'ery',_0xb06129[_0x5a85f6(0x5b8,0x54d)+_0x82b4b4(0x31f,0x398)+'n']=_0x5a85f6(0x540,0x603)+'input'+_0x82b4b4(0x2d6,0x264)+'DAP\x20f'+_0x82b4b4(0x479,0x3bd)+_0x5a85f6(0x59e,0x5a2)+_0x82b4b4(0x34b,0x41b)+_0x82b4b4(0x3ec,0x3d5)+'izati'+_0x5a85f6(0x496,0x38d)+'ables'+_0x5a85f6(0x699,0x7a8)+'\x20inje'+'ction'+'.',_0xb06129['langu'+_0x5a85f6(0x4c8,0x469)]=['cshar'+'p'],_0xb06129[_0x82b4b4(0x30f,0x2f2)+'rn']=/(?:DirectorySearcher|SearchRequest)[\s\S]*?Filter\s*=\s*(?:\$["']|.*\+\s*(?:Request|input|user|param))/g,_0xb06129[_0x82b4b4(0x2f5,0x27d)]=_0x82b4b4(0x488,0x58b)+'e\x20spe'+_0x82b4b4(0x4e7,0x3c4)+_0x5a85f6(0x5b7,0x56f)+_0x5a85f6(0x4ea,0x55b)+_0x82b4b4(0x389,0x27b)+_0x5a85f6(0x694,0x69d)+_0x5a85f6(0x58c,0x63c)+'ramet'+_0x5a85f6(0x597,0x4eb)+_0x82b4b4(0x3a5,0x32f)+_0x82b4b4(0x3c9,0x4cf)+_0x5a85f6(0x56a,0x5c1);const _0x457ee4={};_0x457ee4['id']=_0x5a85f6(0x4ae,0x4c3)+_0x82b4b4(0x50a,0x5ef)+'1',_0x457ee4['cwe']='CWE-9'+'42',_0x457ee4['sever'+'ity']=_0x5a85f6(0x4f5,0x40c),_0x457ee4[_0x82b4b4(0x2dd,0x3a8)]=_0x5a85f6(0x4ed,0x3fa)+_0x82b4b4(0x4fe,0x4d2)+_0x82b4b4(0x4a4,0x46b)+_0x5a85f6(0x4c3,0x4e7)+_0x82b4b4(0x499,0x3a7)+'llowA'+_0x82b4b4(0x48e,0x395)+'gin\x20w'+_0x5a85f6(0x5c8,0x5bd)+_0x82b4b4(0x4e3,0x5a6)+_0x5a85f6(0x4bd,0x3ee),_0x457ee4['descr'+_0x5a85f6(0x4b9,0x547)+'n']=_0x5a85f6(0x5e6,0x62e)+_0x82b4b4(0x504,0x56e)+'ny\x20or'+'igin\x20'+_0x5a85f6(0x47e,0x468)+_0x82b4b4(0x310,0x2fd)+_0x5a85f6(0x56c,0x50a)+_0x82b4b4(0x48a,0x46c)+_0x5a85f6(0x671,0x75b)+_0x5a85f6(0x632,0x5d1)+_0x5a85f6(0x46b,0x388)+_0x5a85f6(0x659,0x68d)+_0x5a85f6(0x4cc,0x55f)+_0x82b4b4(0x4ae,0x475)+_0x82b4b4(0x386,0x270)+'s.',_0x457ee4[_0x82b4b4(0x409,0x4a8)+_0x5a85f6(0x4c8,0x42b)]=[_0x5a85f6(0x579,0x693)+'p'],_0x457ee4[_0x82b4b4(0x30f,0x2d6)+'rn']=/AllowAnyOrigin\s*\(\s*\)[\s\S]*?AllowCredentials\s*\(\s*\)/g,_0x457ee4['fix']=_0x5a85f6(0x65e,0x73d)+'fy\x20al'+'lowed'+'\x20orig'+_0x5a85f6(0x4fd,0x50a)+_0x82b4b4(0x463,0x35f)+_0x82b4b4(0x318,0x33c)+_0x5a85f6(0x527,0x4ca)+_0x5a85f6(0x5b3,0x576)+_0x82b4b4(0x396,0x468)+_0x82b4b4(0x362,0x296)+_0x82b4b4(0x3ef,0x36b)+_0x82b4b4(0x517,0x4d0)+_0x5a85f6(0x4e4,0x430)+_0x82b4b4(0x412,0x4fe)+'wAnyO'+_0x82b4b4(0x318,0x32a)+_0x5a85f6(0x5da,0x530);const _0x1a91bb={};_0x1a91bb['id']=_0x82b4b4(0x47f,0x3da)+_0x82b4b4(0x45b,0x3f2)+'1',_0x1a91bb[_0x5a85f6(0x51a,0x4f9)]=_0x5a85f6(0x551,0x433)+'15',_0x1a91bb[_0x5a85f6(0x485,0x563)+_0x82b4b4(0x32b,0x266)]='high',_0x1a91bb[_0x82b4b4(0x2dd,0x2fa)]=_0x5a85f6(0x528,0x50e)+_0x82b4b4(0x3b9,0x339)+_0x5a85f6(0x50e,0x5e0)+_0x82b4b4(0x31c,0x3ea)+'nding'+'\x20dire'+_0x82b4b4(0x339,0x3f0)+_0x82b4b4(0x337,0x42f)+_0x82b4b4(0x44d,0x3ef)+_0x5a85f6(0x5c0,0x4fc),_0x1a91bb[_0x5a85f6(0x5b8,0x498)+_0x5a85f6(0x4b9,0x3e5)+'n']=_0x82b4b4(0x2d8,0x3a8)+_0x82b4b4(0x4e2,0x5b7)+'quest'+_0x5a85f6(0x649,0x644)+_0x5a85f6(0x51c,0x488)+_0x5a85f6(0x4d3,0x41b)+_0x5a85f6(0x609,0x711)+'tabas'+_0x82b4b4(0x480,0x374)+_0x5a85f6(0x5fa,0x5fa)+'\x20allo'+'ws\x20ov'+_0x82b4b4(0x39f,0x488)+_0x5a85f6(0x480,0x383)+_0x82b4b4(0x466,0x47a)+_0x5a85f6(0x5a2,0x5d8)+_0x82b4b4(0x431,0x4da)+'s\x20(ro'+_0x82b4b4(0x49c,0x457)+'sAdmi'+'n).',_0x1a91bb['langu'+_0x82b4b4(0x32e,0x228)]=['cshar'+'p'],_0x1a91bb[_0x5a85f6(0x4a9,0x440)+'rn']=/\[HttpPost\][\s\S]*?public\s+(?:async\s+)?(?:Task<)?(?:IActionResult|ActionResult)[\s\S]*?\(\s*(?:\[FromBody\]\s*)?(?:User|Account|Employee|Order|Product)\s+/g,_0x1a91bb[_0x82b4b4(0x2f5,0x2cf)]=_0x82b4b4(0x457,0x3d4)+'TOs/V'+_0x5a85f6(0x661,0x6bc)+_0x5a85f6(0x57c,0x67d)+_0x82b4b4(0x31b,0x324)+_0x5a85f6(0x4a1,0x3a0)+_0x5a85f6(0x47c,0x390)+'p\x20to\x20'+_0x82b4b4(0x375,0x361)+'y\x20man'+_0x82b4b4(0x2f2,0x3f2)+_0x5a85f6(0x58d,0x4c9)+_0x5a85f6(0x4e8,0x51d)+_0x82b4b4(0x2e5,0x305)+_0x5a85f6(0x4ca,0x59f)+_0x82b4b4(0x432,0x4a8)+_0x82b4b4(0x341,0x2f5)+_0x5a85f6(0x5e4,0x514)+_0x82b4b4(0x3fe,0x4e1)+_0x5a85f6(0x5f6,0x52d)+_0x82b4b4(0x392,0x2ab);const _0x2615e3={};_0x2615e3['id']=_0x82b4b4(0x3b0,0x40b)+_0x82b4b4(0x420,0x317)+'01',_0x2615e3[_0x82b4b4(0x380,0x41f)]='CWE-6'+'01',_0x2615e3['sever'+_0x82b4b4(0x32b,0x419)]=_0x5a85f6(0x656,0x6b3)+'m',_0x2615e3[_0x82b4b4(0x2dd,0x372)]=_0x5a85f6(0x4ec,0x4c0)+_0x5a85f6(0x5ec,0x502)+_0x82b4b4(0x3ed,0x2da)+_0x82b4b4(0x3be,0x471)+_0x5a85f6(0x629,0x524)+'ed\x20re'+_0x82b4b4(0x39c,0x428)+'t\x20URL',_0x2615e3[_0x5a85f6(0x5b8,0x5fa)+_0x82b4b4(0x31f,0x369)+'n']=_0x82b4b4(0x452,0x36a)+_0x82b4b4(0x418,0x321)+_0x82b4b4(0x3e1,0x4ca)+_0x5a85f6(0x4fa,0x5a5)+_0x82b4b4(0x2e0,0x2b9)+_0x5a85f6(0x65a,0x5b0)+'\x20URLs'+_0x5a85f6(0x6b6,0x753)+'ws\x20ph'+_0x5a85f6(0x515,0x463)+_0x5a85f6(0x512,0x609)+_0x5a85f6(0x49b,0x55c)+'\x20redi'+_0x82b4b4(0x495,0x4df),_0x2615e3[_0x5a85f6(0x5a3,0x6b8)+'ages']=['cshar'+'p'],_0x2615e3[_0x5a85f6(0x4a9,0x582)+'rn']=/Redirect\s*\(\s*(?:Request|returnUrl|url|redirect|next)/g,_0x2615e3[_0x82b4b4(0x2f5,0x37d)]=_0x5a85f6(0x59b,0x673)+_0x5a85f6(0x5ed,0x507)+_0x82b4b4(0x41c,0x3df)+_0x82b4b4(0x4b6,0x446)+'\x20to\x20v'+_0x5a85f6(0x53c,0x60d)+'te:\x20i'+'f\x20(Ur'+_0x82b4b4(0x446,0x477)+_0x82b4b4(0x366,0x395)+_0x5a85f6(0x5c1,0x5f5)+_0x82b4b4(0x4de,0x56a)+_0x5a85f6(0x52b,0x455)+_0x5a85f6(0x486,0x463)+_0x5a85f6(0x4e3,0x420)+_0x5a85f6(0x573,0x59f)+_0x82b4b4(0x415,0x43a)+_0x5a85f6(0x4b0,0x5bf)+');';const _0x496596={};_0x496596['id']='CS-SE'+_0x82b4b4(0x33a,0x3f2),_0x496596[_0x5a85f6(0x51a,0x459)]=_0x5a85f6(0x5f4,0x579)+'98',_0x496596[_0x5a85f6(0x485,0x3da)+_0x5a85f6(0x4c5,0x450)]='criti'+_0x82b4b4(0x3c0,0x4cf),_0x496596[_0x82b4b4(0x2dd,0x2e0)]=_0x5a85f6(0x631,0x5d4)+_0x5a85f6(0x549,0x4a0)+_0x82b4b4(0x3c6,0x469)+_0x5a85f6(0x5a4,0x48a)+_0x82b4b4(0x3d7,0x421)+_0x5a85f6(0x4b4,0x5a7)+'th\x20Pa'+_0x82b4b4(0x2db,0x35f)+'d',_0x496596[_0x82b4b4(0x41e,0x356)+_0x82b4b4(0x31f,0x3cf)+'n']='Datab'+_0x82b4b4(0x473,0x3bf)+_0x82b4b4(0x364,0x2b2)+_0x82b4b4(0x384,0x3ab)+_0x5a85f6(0x58e,0x4ef)+_0x5a85f6(0x548,0x4a3)+_0x82b4b4(0x36b,0x47e)+_0x82b4b4(0x2db,0x306)+_0x82b4b4(0x3c5,0x397)+_0x82b4b4(0x478,0x3d7)+'ce\x20co'+_0x82b4b4(0x3e0,0x3dd)+_0x5a85f6(0x565,0x63b)+_0x82b4b4(0x4c8,0x3bf)+_0x5a85f6(0x67e,0x6c5)+_0x5a85f6(0x4a8,0x43b)+_0x5a85f6(0x519,0x482)+'ory.',_0x496596['langu'+_0x82b4b4(0x32e,0x355)]=['cshar'+'p'],_0x496596[_0x5a85f6(0x4a9,0x3bf)+'rn']=/(?:ConnectionString|connectionString)\s*=\s*["'][^"']*(?:Password|Pwd)\s*=[^"']+["']/gi,_0x496596[_0x5a85f6(0x48f,0x5ab)]='Use\x20a'+'ppset'+'tings'+'.json'+_0x5a85f6(0x69b,0x5c2)+_0x82b4b4(0x35c,0x340)+'\x20Secr'+_0x5a85f6(0x664,0x783)+_0x82b4b4(0x506,0x565)+_0x5a85f6(0x68f,0x6ae)+_0x82b4b4(0x388,0x2a8)+_0x5a85f6(0x5c2,0x63b)+'viron'+_0x5a85f6(0x4e6,0x456)+_0x5a85f6(0x51b,0x4f3)+_0x5a85f6(0x4c6,0x428)+_0x82b4b4(0x4a7,0x52a)+_0x5a85f6(0x6aa,0x7ca)+'ion.';const _0x251b45={};_0x251b45['id']='CS-DE'+_0x82b4b4(0x516,0x4da)+'01',_0x251b45[_0x82b4b4(0x380,0x30f)]=_0x82b4b4(0x2d2,0x1c5)+'89',_0x251b45[_0x5a85f6(0x485,0x444)+_0x82b4b4(0x32b,0x3f8)]=_0x82b4b4(0x4bc,0x45b)+'m',_0x251b45[_0x82b4b4(0x2dd,0x27f)]=_0x82b4b4(0x3d5,0x4b5)+_0x5a85f6(0x5f0,0x54c)+_0x5a85f6(0x4bf,0x42d)+_0x82b4b4(0x438,0x3bd)+_0x82b4b4(0x3d3,0x479)+'uctio'+_0x5a85f6(0x494,0x464)+_0x5a85f6(0x4ba,0x4af)+'Error'+'s\x20Off',_0x251b45[_0x5a85f6(0x5b8,0x62a)+_0x5a85f6(0x4b9,0x486)+'n']=_0x5a85f6(0x576,0x550)+_0x82b4b4(0x439,0x392)+_0x82b4b4(0x4ab,0x49b)+_0x82b4b4(0x36d,0x263)+_0x82b4b4(0x308,0x37d)+'taile'+'d\x20sta'+_0x82b4b4(0x4d4,0x48b)+'aces\x20'+'to\x20us'+_0x82b4b4(0x328,0x395)+_0x5a85f6(0x64b,0x60a)+_0x82b4b4(0x500,0x51c)+_0x82b4b4(0x48b,0x483)+_0x5a85f6(0x673,0x722)+_0x82b4b4(0x2f4,0x3ca)+'.',_0x251b45[_0x82b4b4(0x409,0x34b)+_0x82b4b4(0x32e,0x268)]=[_0x82b4b4(0x3df,0x42a)+'p'],_0x251b45[_0x5a85f6(0x4a9,0x555)+'rn']=/customErrors\s+mode\s*=\s*["']Off["']/gi,_0x251b45[_0x5a85f6(0x48f,0x381)]=_0x5a85f6(0x5bd,0x5d2)+_0x82b4b4(0x320,0x3cd)+_0x5a85f6(0x67a,0x693)+'s\x20mod'+'e=\x22Re'+_0x5a85f6(0x4c7,0x511)+_0x82b4b4(0x40e,0x331)+'or\x20mo'+_0x82b4b4(0x477,0x4aa)+_0x82b4b4(0x3c7,0x412)+_0x5a85f6(0x4e9,0x41d)+_0x82b4b4(0x411,0x47d)+'n.';export const csharpRules=[_0x13f330,_0x42d4d8,_0x30277a,_0x520d21,_0x4d5cc9,_0x2c456f,_0x4b901a,_0xdeb5cf,_0x2216f9,_0x42037b,_0x12be14,_0xd386c,_0x3295da,_0xb06129,_0x457ee4,_0x1a91bb,_0x2615e3,_0x496596,_0x251b45];

package/dist/rules/docker.js CHANGED Viewed

@@ -1,143 +1 @@
-export const dockerRules = [
-    // === Base Image ===
-    {
-        id: "DOCKER-IMG-001",
-        cwe: "CWE-829",
-        severity: "medium",
-        title: "Unpinned Base Image — Using :latest or no tag",
-        description: "Using 'latest' or no tag for base images makes builds non-reproducible and may pull in vulnerable versions.",
-        languages: ["dockerfile"],
-        pattern: /^FROM\s+(?!scratch)[a-z0-9\-_.\/]+(?:\s*$|:\s*latest\b)/gmi,
-        fix: "Pin base images to a specific version and SHA digest: FROM node:20.11.0-alpine@sha256:abc123...",
-    },
-    {
-        id: "DOCKER-IMG-002",
-        cwe: "CWE-829",
-        severity: "medium",
-        title: "Non-Distroless/Non-Alpine Base Image",
-        description: "Full OS base images contain unnecessary packages that increase the attack surface.",
-        languages: ["dockerfile"],
-        pattern: /^FROM\s+(?:ubuntu|debian|centos|fedora|amazonlinux)(?::|$)/gmi,
-        fix: "Use minimal images: alpine, distroless, or *-slim variants to reduce attack surface.",
-    },
-    // === Running as Root ===
-    {
-        id: "DOCKER-ROOT-001",
-        cwe: "CWE-250",
-        severity: "high",
-        title: "Container Running as Root — Missing USER directive",
-        description: "Containers running as root can escalate to host root via container escape vulnerabilities (e.g., runc CVEs).",
-        languages: ["dockerfile"],
-        pattern: /^USER\s+root\s*$/gmi,
-        fix: "Run as a non-root user: RUN addgroup -S app && adduser -S app -G app ... USER app",
-    },
-    // === ADD vs COPY ===
-    {
-        id: "DOCKER-ADD-001",
-        cwe: "CWE-829",
-        severity: "medium",
-        title: "Using ADD Instead of COPY",
-        description: "ADD can auto-extract archives and fetch remote URLs, introducing unintended content. COPY is explicit and safer.",
-        languages: ["dockerfile"],
-        pattern: /^ADD\s+(?!--chown)/gmi,
-        fix: "Use COPY instead of ADD unless you specifically need archive extraction.",
-    },
-    // === Secrets in Image ===
-    {
-        id: "DOCKER-SEC-001",
-        cwe: "CWE-798",
-        severity: "critical",
-        title: "Secret in Dockerfile — ENV or ARG with credential",
-        description: "Secrets in ENV/ARG persist in image layers and can be extracted with docker history.",
-        languages: ["dockerfile"],
-        pattern: /^(?:ENV|ARG)\s+(?:.*(?:PASSWORD|SECRET|API_KEY|TOKEN|PRIVATE_KEY|ACCESS_KEY|DB_PASS|CREDENTIALS)\s*=)/gmi,
-        fix: "Use Docker BuildKit secrets: RUN --mount=type=secret,id=my_secret. Or pass secrets at runtime via -e.",
-    },
-    {
-        id: "DOCKER-SEC-002",
-        cwe: "CWE-798",
-        severity: "high",
-        title: "Copying .env File into Image",
-        description: "Copying .env files into Docker images exposes secrets in every layer.",
-        languages: ["dockerfile"],
-        pattern: /^COPY\s+.*\.env\b/gmi,
-        fix: "Never COPY .env files into images. Pass environment variables at runtime with docker run -e or --env-file.",
-    },
-    // === Exposed Ports ===
-    {
-        id: "DOCKER-PORT-001",
-        cwe: "CWE-668",
-        severity: "medium",
-        title: "Exposed Sensitive Port — SSH, Docker socket, or K8s API",
-        description: "Exposing management ports (SSH, Docker daemon, K8s API) in containers is a security risk.",
-        languages: ["dockerfile"],
-        pattern: /^EXPOSE\s+(?:22|2375|2376|6443|9200|27017|6379|5432|3306|3389)\b/gmi,
-        fix: "Remove EXPOSE for management ports. Use Docker networks for inter-container communication.",
-    },
-    // === No HEALTHCHECK ===
-    {
-        id: "DOCKER-HEALTH-001",
-        cwe: "CWE-693",
-        severity: "low",
-        title: "Missing HEALTHCHECK Directive",
-        description: "Without HEALTHCHECK, Docker cannot detect if the container application has become unresponsive.",
-        languages: ["dockerfile"],
-        pattern: /^HEALTHCHECK\s+NONE\s*$/gmi,
-        fix: "Add a HEALTHCHECK: HEALTHCHECK --interval=30s CMD curl -f http://localhost/ || exit 1",
-    },
-    // === Package Install ===
-    {
-        id: "DOCKER-PKG-001",
-        cwe: "CWE-1104",
-        severity: "low",
-        title: "Package Install Without --no-install-recommends",
-        description: "Installing packages without --no-install-recommends pulls in unnecessary packages that increase image size and attack surface.",
-        languages: ["dockerfile"],
-        pattern: /apt-get\s+install\s+(?!.*--no-install-recommends)/g,
-        fix: "Use: RUN apt-get install --no-install-recommends -y package_name && rm -rf /var/lib/apt/lists/*",
-    },
-    // === Privileged Docker Compose ===
-    {
-        id: "DOCKER-PRIV-001",
-        cwe: "CWE-250",
-        severity: "critical",
-        title: "Privileged Container in Docker Compose",
-        description: "Privileged mode gives the container full access to the host, equivalent to running on the host itself.",
-        languages: ["yaml"],
-        pattern: /privileged\s*:\s*true/g,
-        fix: "Remove privileged: true. Use specific capabilities instead: cap_add: [NET_ADMIN]",
-    },
-    // === Docker Socket Mount ===
-    {
-        id: "DOCKER-SOCK-001",
-        cwe: "CWE-250",
-        severity: "critical",
-        title: "Docker Socket Mounted — Container Escape Risk",
-        description: "Mounting the Docker socket gives the container full control of the Docker daemon, enabling container escape.",
-        languages: ["yaml", "dockerfile"],
-        pattern: /\/var\/run\/docker\.sock/g,
-        fix: "Avoid mounting the Docker socket. Use Docker-in-Docker (dind) or a remote Docker host if needed.",
-    },
-    // === Curl Pipe Bash ===
-    {
-        id: "DOCKER-CURL-001",
-        cwe: "CWE-829",
-        severity: "high",
-        title: "Curl Pipe to Shell — Untrusted Script Execution",
-        description: "Downloading and executing scripts in a single command bypasses review and can execute malicious code.",
-        languages: ["dockerfile"],
-        pattern: /(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh|zsh)/g,
-        fix: "Download the script first, verify its checksum, then execute: RUN curl -o script.sh URL && sha256sum -c <<< 'HASH script.sh' && bash script.sh",
-    },
-    // === Multi-stage build leak ===
-    {
-        id: "DOCKER-STAGE-001",
-        cwe: "CWE-200",
-        severity: "medium",
-        title: "Build Tools in Final Image",
-        description: "Compilers, build tools, and dev dependencies in the final image increase attack surface.",
-        languages: ["dockerfile"],
-        pattern: /^RUN\s+.*(?:gcc|g\+\+|make|cmake|npm\s+install\s+(?!--production|--omit=dev))/gmi,
-        fix: "Use multi-stage builds: build in one stage, copy only artifacts to a minimal final stage.",
-    },
-];
+(function(_0x51afa0,_0xc01850){const _0x490c74={_0x1f9811:0x196,_0x44c402:0x431,_0x5200fb:0x38,_0x2a247d:0x42d,_0x5bf028:0x474,_0x14aecb:0xe6,_0x7b3235:0x1dc,_0x4559dc:0x62b,_0x1d419e:0x49d,_0x267484:0x40c,_0x2550d4:0x5a5},_0x34bb6a={_0x135c81:0x3f};function _0x13a784(_0xce5036,_0x4d437a){return _0x12a1(_0xce5036-0x378,_0x4d437a);}const _0x8fa8aa=_0x51afa0();function _0x57b859(_0x383336,_0x551dc3){return _0x12a1(_0x551dc3- -_0x34bb6a._0x135c81,_0x383336);}while(!![]){try{const _0x28b676=-parseInt(_0x57b859(_0x490c74._0x1f9811,0x206))/(-0x22c9+-0x242a+0x46f4)*(-parseInt(_0x13a784(_0x490c74._0x44c402,0x3bf))/(0x80+0xf11+-0xf8f))+parseInt(_0x57b859(_0x490c74._0x5200fb,0xcc))/(-0x1e79*-0x1+-0x1d2*-0x4+-0x25be)+parseInt(_0x13a784(_0x490c74._0x2a247d,_0x490c74._0x5bf028))/(0x1*-0x1fb7+0x19fc*0x1+0x5bf)+-parseInt(_0x57b859(_0x490c74._0x14aecb,0xfa))/(-0x1060+-0x33*-0x2+-0xf*-0x111)*(-parseInt(_0x57b859(0x19f,_0x490c74._0x7b3235))/(0x198*0x3+0x124*0x2+-0x70a))+parseInt(_0x13a784(0x56f,_0x490c74._0x4559dc))/(0xc85+0xbb9*0x3+-0x15*0x245)+parseInt(_0x13a784(_0x490c74._0x1d419e,_0x490c74._0x267484))/(-0x17db+-0x1fb2*0x1+0x3795)*(parseInt(_0x13a784(_0x490c74._0x2550d4,0x526))/(-0x2*-0x954+0x86d+-0x1b0c))+-parseInt(_0x13a784(0x4ec,0x535))/(0x7*-0x3f1+-0x1046+0x2be7);if(_0x28b676===_0xc01850)break;else _0x8fa8aa['push'](_0x8fa8aa['shift']());}catch(_0xb1cce4){_0x8fa8aa['push'](_0x8fa8aa['shift']());}}}(_0x51e4,0x2333e+0x49df*-0x11+0x55918));const _0x185875={};_0x185875['id']=_0x342e4b(0x21a,0x14a)+_0x2bae73(0x171,0x9c)+'-001',_0x185875[_0x2bae73(0x21d,0x197)]=_0x342e4b(0x73,0x35)+'29',_0x185875['sever'+_0x342e4b(0x271,0x1d8)]=_0x2bae73(0xc1,0x5)+'m',_0x185875[_0x2bae73(0x164,0xcc)]=_0x342e4b(0xd7,0x199)+_0x342e4b(0xc7,0x12a)+_0x342e4b(0xd5,0x19f)+_0x342e4b(-0x51,0x39)+_0x342e4b(0x1fb,0x1ad)+'ng\x20:l'+_0x2bae73(0x282,0x334)+_0x2bae73(0x260,0x173)+_0x342e4b(0x119,0x6d),_0x185875[_0x342e4b(-0xa,0xb9)+_0x342e4b(0x109,0xed)+'n']=_0x2bae73(0xbe,0x10a)+_0x342e4b(0xe,0x85)+_0x2bae73(0x28c,0x2b0)+_0x342e4b(-0x18,0xbc)+_0x342e4b(0xde,0x3b)+_0x2bae73(0x20d,0x226)+_0x342e4b(0x21d,0x1a2)+'mages'+_0x342e4b(-0x1b,0xb6)+'s\x20bui'+'lds\x20n'+_0x2bae73(0xf8,0x1d4)+_0x2bae73(0x227,0x2b2)+'cible'+'\x20and\x20'+_0x342e4b(0x6e,0x8f)+_0x2bae73(0x1aa,0x121)+'n\x20vul'+_0x2bae73(0x116,0xcb)+_0x2bae73(0x1e8,0x2ab)+_0x2bae73(0x278,0x31f)+'s.',_0x185875['langu'+_0x342e4b(0x84,0x9)]=[_0x342e4b(0x74,0x107)+'rfile'],_0x185875[_0x2bae73(0x1a2,0x22d)+'rn']=/^FROM\s+(?!scratch)[a-z0-9\-_.\/]+(?:\s*$|:\s*latest\b)/gmi,_0x185875[_0x342e4b(0x6e,0x103)]='Pin\x20b'+_0x2bae73(0x25c,0x1cb)+'mages'+'\x20to\x20a'+'\x20spec'+_0x342e4b(0x1e7,0x110)+_0x342e4b(0x18b,0x1b5)+'on\x20an'+_0x342e4b(0x88,0x33)+_0x342e4b(0xb0,0x14e)+_0x342e4b(0x66,0x3c)+_0x342e4b(0x128,0x81)+_0x2bae73(0x1d9,0x160)+_0x342e4b(0x2ac,0x1d6)+_0x342e4b(0xb7,0xff)+'ine@s'+_0x2bae73(0x17b,0x1ca)+_0x342e4b(0x1ac,0x133)+_0x342e4b(0x109,0x71);const _0x1ddac9={};_0x1ddac9['id']='DOCKE'+_0x342e4b(0x78,0xb7)+_0x342e4b(0x169,0x1d5),_0x1ddac9[_0x2bae73(0x21d,0x2c1)]='CWE-8'+'29',_0x1ddac9[_0x2bae73(0x11a,0xb7)+'ity']='mediu'+'m',_0x1ddac9[_0x2bae73(0x164,0xa6)]=_0x2bae73(0x209,0x2a4)+_0x2bae73(0xf9,0x16a)+_0x2bae73(0x122,0x9f)+_0x342e4b(0x15,0x42)+_0x342e4b(0xc8,0x90)+_0x2bae73(0x10b,0x81)+_0x2bae73(0x15e,0x1af)+'e',_0x1ddac9[_0x342e4b(0xac,0xb9)+_0x342e4b(0x11a,0xed)+'n']=_0x342e4b(0x160,0x8b)+_0x342e4b(-0x92,0x1c)+_0x2bae73(0xea,0x188)+_0x2bae73(0x1fd,0x2d2)+_0x2bae73(0x27c,0x20a)+'in\x20un'+'neces'+_0x342e4b(0x1f5,0x1ab)+_0x2bae73(0x1c3,0x1b4)+_0x2bae73(0x18d,0x108)+_0x342e4b(0x1f3,0x156)+_0x2bae73(0x23d,0x25e)+_0x342e4b(0x171,0x13a)+_0x342e4b(0x1a0,0xec)+_0x2bae73(0x1e7,0x152)+'urfac'+'e.',_0x1ddac9[_0x342e4b(-0xe,0x4a)+_0x342e4b(0x4d,0x9)]=['docke'+_0x2bae73(0xc0,0x14d)],_0x1ddac9[_0x2bae73(0x1a2,0xde)+'rn']=/^FROM\s+(?:ubuntu|debian|centos|fedora|amazonlinux)(?::|$)/gmi,_0x1ddac9[_0x2bae73(0x1bd,0x13d)]=_0x342e4b(0x215,0x17b)+_0x2bae73(0xc7,0x180)+'l\x20ima'+_0x342e4b(0x248,0x15e)+_0x2bae73(0x1e1,0x18d)+_0x342e4b(0x7f,0x86)+_0x2bae73(0x23a,0x26f)+_0x2bae73(0x18c,0x1da)+_0x342e4b(0x153,0x116)+_0x2bae73(0x1d8,0x238)+_0x2bae73(0x200,0x257)+_0x342e4b(0x215,0x14c)+_0x2bae73(0x1b6,0x184)+_0x2bae73(0x1e3,0x262)+_0x2bae73(0xc2,0x70)+'\x20surf'+'ace.';const _0xeb9c69={};_0xeb9c69['id']=_0x342e4b(0x14f,0x14a)+'R-ROO'+_0x342e4b(0x38,0x122),_0xeb9c69[_0x2bae73(0x21d,0x2bf)]='CWE-2'+'50',_0xeb9c69[_0x2bae73(0x11a,0x1e0)+_0x342e4b(0x1d9,0x1d8)]=_0x2bae73(0x101,0x30),_0xeb9c69['title']=_0x342e4b(0x71,0x57)+_0x342e4b(-0x42,0x31)+_0x2bae73(0x177,0xf1)+'ng\x20as'+_0x2bae73(0xfb,0x79)+'\x20—\x20Mi'+_0x2bae73(0x121,0x133)+_0x342e4b(0x1d5,0x1a0)+_0x2bae73(0x284,0x1f8)+_0x2bae73(0x22a,0x255),_0xeb9c69['descr'+'iptio'+'n']='Conta'+_0x342e4b(0x10d,0x18f)+_0x342e4b(0xb2,0x17a)+_0x342e4b(0x8b,0x9f)+_0x342e4b(0x121,0x188)+_0x2bae73(0x266,0x260)+_0x2bae73(0x146,0xb8)+'late\x20'+_0x342e4b(0x1f8,0x120)+_0x2bae73(0x281,0x222)+_0x2bae73(0x129,0x1cf)+_0x2bae73(0x188,0x19f)+'taine'+_0x342e4b(-0x39,0x55)+_0x342e4b(0x13c,0x93)+'ulner'+_0x2bae73(0x1b5,0xde)+'ties\x20'+'(e.g.'+',\x20run'+_0x342e4b(0xe0,0x1a3)+_0x342e4b(0x276,0x1b3),_0xeb9c69[_0x2bae73(0x104,0x100)+_0x342e4b(0xd7,0x9)]=[_0x342e4b(0xa1,0x107)+_0x342e4b(-0xab,0x6)],_0xeb9c69[_0x2bae73(0x1a2,0xdb)+'rn']=/^USER\s+root\s*$/gmi,_0xeb9c69[_0x2bae73(0x1bd,0x15e)]=_0x342e4b(0x78,0x62)+'s\x20a\x20n'+_0x342e4b(0x140,0x1b9)+_0x342e4b(0x20c,0x166)+_0x2bae73(0x1d1,0x226)+_0x342e4b(0xa4,0xa6)+_0x342e4b(0x41,0xd0)+'p\x20-S\x20'+_0x2bae73(0xec,0x1a4)+'&\x20add'+_0x342e4b(0x6,0x1a)+_0x2bae73(0x28b,0x346)+_0x2bae73(0xdf,0x193)+_0x342e4b(0x147,0x1af)+_0x342e4b(-0x51,0x63)+_0x342e4b(-0x7,0x1b)+'p';const _0x33a840={};_0x33a840['id']=_0x342e4b(0x8c,0x14a)+_0x342e4b(0x134,0x16b)+_0x342e4b(0x17d,0x137),_0x33a840[_0x342e4b(0x226,0x163)]='CWE-8'+'29',_0x33a840[_0x2bae73(0x11a,0x96)+'ity']=_0x342e4b(0x7c,0x7)+'m',_0x33a840[_0x2bae73(0x164,0x134)]=_0x2bae73(0xbe,-0x2a)+_0x2bae73(0x233,0x2d4)+_0x342e4b(0x2d,0x79)+_0x2bae73(0x15d,0x93)+_0x2bae73(0x228,0x268),_0x33a840[_0x342e4b(-0x14,0xb9)+_0x2bae73(0x1a7,0x1b8)+'n']=_0x2bae73(0x19d,0x1d2)+_0x342e4b(0x1f,0xf5)+'to-ex'+_0x342e4b(-0x6,0x43)+_0x342e4b(0xd1,0x75)+'ives\x20'+_0x2bae73(0x236,0x24b)+'etch\x20'+_0x342e4b(0x1d6,0x189)+_0x342e4b(0x37,0xc5)+'s,\x20in'+'trodu'+_0x2bae73(0x1d2,0x117)+_0x2bae73(0x179,0x239)+'ended'+_0x2bae73(0x285,0x334)+_0x342e4b(0x107,0xfd)+_0x342e4b(-0x31,0xb)+_0x342e4b(0x1d7,0x1a5)+_0x342e4b(0x175,0xe1)+_0x342e4b(-0xaa,0x15)+_0x342e4b(0xf4,0x108)+'r.',_0x33a840[_0x2bae73(0x104,0x90)+_0x342e4b(-0x59,0x9)]=[_0x342e4b(0x103,0x107)+_0x342e4b(0xf1,0x6)],_0x33a840[_0x342e4b(0xb0,0xe8)+'rn']=/^ADD\s+(?!--chown)/gmi,_0x33a840[_0x342e4b(0x159,0x103)]=_0x2bae73(0x26c,0x248)+_0x342e4b(0xc4,0xae)+_0x342e4b(0x1cb,0x11a)+_0x2bae73(0x117,0x1af)+_0x342e4b(0x174,0x1a9)+'nless'+_0x342e4b(0x26b,0x190)+'speci'+_0x342e4b(0xeb,0x168)+_0x342e4b(0x14,0xb1)+_0x342e4b(0xc1,0x128)+_0x342e4b(0xd6,0xb8)+_0x2bae73(0x12a,0x16a)+_0x342e4b(-0x17,0x4c)+'n.';const _0x57fa33={};_0x57fa33['id']=_0x2bae73(0x204,0x1a6)+_0x342e4b(0x1c6,0x18d)+'-001',_0x57fa33[_0x2bae73(0x21d,0x2af)]='CWE-7'+'98',_0x57fa33[_0x2bae73(0x11a,0x1b1)+'ity']=_0x342e4b(0xe7,0x7d)+_0x342e4b(0x19c,0x12c),_0x57fa33[_0x342e4b(0x146,0xaa)]='Secre'+'t\x20in\x20'+_0x2bae73(0x180,0x122)+_0x2bae73(0xc0,0x116)+'\x20—\x20EN'+_0x342e4b(0xab,0xc9)+_0x2bae73(0x24f,0x2a9)+_0x2bae73(0xfe,0x1a3)+'reden'+_0x342e4b(-0x82,0x4d),_0x57fa33[_0x342e4b(0x189,0xb9)+_0x2bae73(0x1a7,0x105)+'n']='Secre'+_0x2bae73(0x16d,0x141)+_0x2bae73(0x18b,0x1cd)+_0x342e4b(0x1b7,0x18a)+_0x2bae73(0xbc,0x138)+'t\x20in\x20'+_0x342e4b(0x6c,0x11c)+'\x20laye'+_0x2bae73(0x1bf,0x281)+_0x342e4b(0x16d,0xca)+_0x342e4b(0x17c,0x95)+_0x2bae73(0x103,0xed)+_0x2bae73(0x21f,0x1c7)+_0x2bae73(0x23f,0x2da)+_0x342e4b(0xf9,0x7f)+'\x20hist'+_0x342e4b(0x1a0,0x123),_0x57fa33[_0x2bae73(0x104,0x1e8)+_0x342e4b(-0x60,0x9)]=[_0x342e4b(0x15a,0x107)+_0x342e4b(-0x77,0x6)],_0x57fa33['patte'+'rn']=/^(?:ENV|ARG)\s+(?:.*(?:PASSWORD|SECRET|API_KEY|TOKEN|PRIVATE_KEY|ACCESS_KEY|DB_PASS|CREDENTIALS)\s*=)/gmi,_0x57fa33[_0x2bae73(0x1bd,0x146)]=_0x2bae73(0x135,0x1c2)+_0x2bae73(0x139,0x1c4)+_0x342e4b(0x1fe,0x1d0)+_0x2bae73(0xe7,0x89)+_0x2bae73(0x221,0x216)+'ts:\x20R'+_0x342e4b(0x167,0x124)+_0x2bae73(0x217,0x179)+_0x342e4b(0x133,0x4e)+_0x2bae73(0x151,0xa4)+_0x2bae73(0x189,0x129)+_0x342e4b(0x273,0x18e)+_0x2bae73(0xe6,0x107)+_0x342e4b(0x16e,0x1a4)+'pass\x20'+_0x342e4b(0x18b,0x167)+'ts\x20at'+_0x2bae73(0x1ec,0x1d4)+_0x2bae73(0x1f6,0x2ca)+_0x2bae73(0x1b8,0x215)+'.';const _0x166fb9={};_0x166fb9['id']='DOCKE'+_0x2bae73(0x247,0x1a0)+_0x2bae73(0x28f,0x234),_0x166fb9[_0x342e4b(0x1fe,0x163)]=_0x342e4b(0x88,0x58)+'98',_0x166fb9[_0x342e4b(0xee,0x60)+'ity']=_0x342e4b(0x7d,0x47),_0x166fb9[_0x342e4b(0x135,0xaa)]=_0x342e4b(0x9,0x5a)+_0x2bae73(0x252,0x286)+_0x342e4b(0x22,0xdc)+_0x2bae73(0x257,0x2fa)+'to\x20Im'+_0x342e4b(-0x88,0x4f),_0x166fb9[_0x342e4b(0x28,0xb9)+_0x342e4b(0xe7,0xed)+'n']='Copyi'+_0x342e4b(0x134,0x198)+_0x2bae73(0x22f,0x2e4)+'les\x20i'+_0x2bae73(0x1f5,0x2df)+_0x2bae73(0x139,0x129)+_0x2bae73(0x1b0,0x15f)+_0x342e4b(0x114,0x2b)+_0x342e4b(0x6b,0xcc)+_0x2bae73(0x199,0x16b)+_0x2bae73(0x1ee,0x14d)+_0x342e4b(0x12f,0x59)+_0x342e4b(0x59,0xe2)+_0x2bae73(0x18f,0x226),_0x166fb9[_0x342e4b(0xb0,0x4a)+_0x342e4b(-0x47,0x9)]=[_0x2bae73(0x1c1,0x225)+_0x2bae73(0xc0,0x16d)],_0x166fb9[_0x2bae73(0x1a2,0x28e)+'rn']=/^COPY\s+.*\.env\b/gmi,_0x166fb9['fix']=_0x2bae73(0x202,0x139)+_0x2bae73(0x228,0x2ba)+_0x2bae73(0x213,0x2fb)+_0x2bae73(0x193,0x228)+_0x342e4b(0x7c,0x164)+'o\x20ima'+_0x342e4b(0x196,0x1cd)+'Pass\x20'+_0x342e4b(-0x80,0x40)+_0x2bae73(0x191,0x22f)+_0x342e4b(0x24a,0x1c3)+_0x342e4b(0x199,0xab)+'s\x20at\x20'+'runti'+'me\x20wi'+_0x2bae73(0x1cb,0x15e)+_0x342e4b(-0x8a,-0x2)+_0x342e4b(0x8a,0x16f)+_0x2bae73(0x27b,0x347)+_0x342e4b(0x190,0x104)+_0x2bae73(0x1ba,0x200)+'.';const _0x415b27={};_0x415b27['id']=_0x342e4b(0x1b1,0x14a)+'R-POR'+_0x342e4b(0x1d9,0x122),_0x415b27[_0x2bae73(0x21d,0x2bf)]=_0x342e4b(0x1b8,0x192)+'68',_0x415b27['sever'+_0x342e4b(0x148,0x1d8)]=_0x2bae73(0xc1,0x91)+'m',_0x415b27[_0x342e4b(0x144,0xaa)]=_0x2bae73(0x27a,0x322)+_0x2bae73(0xdd,0xa4)+_0x2bae73(0x26e,0x2d6)+_0x2bae73(0x1cd,0x157)+'rt\x20—\x20'+_0x342e4b(0x6f,0x10f)+'Docke'+'r\x20soc'+'ket,\x20'+_0x2bae73(0xe2,0x193)+_0x342e4b(0x3f,0x115);function _0x342e4b(_0x2ca606,_0x2fc148){const _0x59f4fa={_0x21bdb9:0xa7};return _0x12a1(_0x2fc148- -_0x59f4fa._0x21bdb9,_0x2ca606);}function _0x51e4(){const _0x536f1f=['DgGGzg8','Bg9JywW','DMuGug8','ic1YzIa','CYbbueK','B3iGkI0','zxi6ifi','y2LUzYa','DgfSBca','BNn0zwe','igfJy2u','Aw1Hz2u','BYbHig0','C2XPBsa','B2rLoJi','Dg8GAg8','rgLYzwm','vc0Wmde','B3j5lG','vu4Gls0','DgLVBI4','DxqGseu','ywXWAw4','zwqGyxi','DwnLige','BMvKiei','uhjPDMK','y2fS','ywnRihm','BguGDMu','ifvUDhi','lcbLBMe','q0S6ieG','ihj1BNq','oMfIyZe','zxrZigK','B2yGDgG','Bw1LBMq','ltaWmq','q1Dflti','CYb0Age','C2uGDgG','BNrVieq','Aw1Lihy','DcbPzIa','AguGC2m','lNnOifu','CNrPzMe','tfrilta','ifrVB2W','ywDLCYa','zxmGDgG','q1Dflte','DMfYAwe','qxzVAwq','tMv2zxi','Ag9ZDc8','re9ds0u','BMCGB24','BNrZihq','zMLYC3q','igrPz2u','tM9Uluq','mtyXntC0n0DRue5izG','y3jPChq','ysbYzw0','zM9Yigi','kgrPBMq','B3iGBwe','Agf0igK','zwfKoIa','BcbJB24','ic5LBNy','ihbHy2S','A2fNzv8','AxnRlG','Bw91BNq','z2vZoIa','ifnJCMK','Aw50zxi','vI0Wmde','BgLIl2e','y3DL','CYbPBNq','DgvKihC','B3qGDxm','C2vJCMu','zMLJywW','zwq6ihq','zw5Kzw4','uI1breq','zsbfwfa','ChjVzhu','ienpufK','CNvUic0','y3rPDMu','ywDLlG','yw5Kigi','BgWTCMu','ntKWodm4Bvn6zuXe','BNyGzMK','BIbHihm','Aw4Trg8','jIyGyMe','ieferca','ihj1BM4','vxnLig0','yw5Kigy','zsb1BNi','uI1dvvi','quXusem','C3rYB2W','DwX0As0','BMvYCYa','BMnYzwe','uI1quKK','AxrOigq','mJDUvwfACg8','EsbWywm','CYbYB28','CMvTB3q','qvjhiha','y2TLCI0','ienVBxa','uI1trum','pw15x3m','Aw5LCNm','ihLVDsa','zwn1Dgu','q1Dflty','BsWGDgG','ywvTB24','qvjhihC','CIbtB2m','CYbPBIa','BMCGlMu','vw5WAw4','tKvux0e','sevdsYa','rg93BMW','BguGAw4','mJm5AvvWCNDP','yxnLieK','ifvtrvi','AguGrg8','yxnLigK','yYbdvKu','lIbpCIa','AxmGzxG','ig9Yig4','EgL0ide','C29JA2u','qureihu','y2THz2u','C2fYEsa','DcbJyw4','4OcuifvZAq','qNvPBgq','yxbWic4','ihvUBMu','igHVC3q','vxnLiem','CYKU','BNnPDgK','DMvYC2K','z2uSigm','DcbPBMm','icHtu0G','B24TCM8','veHdseu','DgL2zq','BM5VDca','B3j0CY4','CNnPB24','ifvZzsa','rxHWB3m','zsbVCIa','y29UDge','Dcb2yxi','ignVzgu','DgLUzYa','uI1tvee','C3qGCM8','yxrLC3q','AxrZzwW','igrPCMu','ignVBNq','zcb0B28','z2vZlIa','Aw5NBgu','y2uU','iej1AwW','lvmGyxa','zxn0jYa','CYb0Agu','CMzHy2u','ltaWmG','mc4Xms4','uMvTB3y','Axr5','BMqGzgu','igj1AwW','y2TLCIa','y2SGC3u','Aw5Nig0','igDPDMu','zxjZAxm','AwmGy2e','vxnPBMC','t1nfigy','CMzPBgu','BwvKAxu','DhrHy2S','ywDLCW','BMfNzw0','q09qwsa','uLvoige','Aw5PBwe','odeYmJy0BevwuhnS','igLMig4','C3rHz2u','uI1qs0C','mtaWmNPZuLLjEq','zsbZAxO','zxqUifu','DcbHBMq','Dw5Py2e','qvniihm','EwfTBa','Cg9YDhm','DxnLCIa','rviGyxa','t1mGyMe','CguU','BhmSige','y29TBwu','igLUieq','CYbWDwW','Ag9ZDca','zwqGu2u','ic1Vihm','CcaTrYa','tc0Wmde','zgq6ifS','B3iGsZG','BwvUDca','zw4GzxG','zxmGzxG','zwnYzxq','zeTPDca','vxnLihm','zxmGCMu','C2uGAw0','Aw5LCIa','yxbWicy','zcbtsee','ywDLigK','q1DfltG','zsbZDge','B2fKihq','zwnRC3u','BwfNzsa','DMLSzwC','ihrHzYa','C3q6iey','ywWGAw0','B24TCMu','Axn0CM8','zw52Axi','ifjVB3q','tM9Ulue','DhjHy3q','AxrOigm','BgvNzwq','DgHLieq','AgLNAa','BMrZic0','EhrYywm','BgfUz3u','B2fKAw4','ywn0Aw8','DgLHBa','pxr5Cgu','ywDL','v2L0Ag8','iejHC2u','DhmGy2G','igz1BgW','igv4zwm','CIbLC2m','Aw4GB24','q29UDge','q1DfltC','BIbLDMu','q29WEwK','DMLLDYa','BMvYywi','zcbVzIa','ywLUzxi','y2fWx2e','C2v2zxi','lw5VlwK','uNvUige','lI4Gvvm','mZmYmZa3wgHPyvnh','twLZC2K','sevdsYW','C3nPBMC','BgvZCY8','jIyGCM0','Aw5ZDge','yMvJB20','DcbPBNm','BYb0ywC','CNvLlIa','B3qGDMK','igv4Dhi','mJmUlI4','ihnOyti','yxrPB24','ifjPC2S','igfYy2G','C2vJDxi','zwvKzwq','mta0','sw5ZDgu','yw5Hz2u','vxnLieq','B3b5ig8','y3jPDgK','nde5mtG0sMv3Dgjq','B2nRzxi','y3vYBca','uK9nig4','qwrKige','BhmGAw4','ic0TAw4','icDSyxq','zsWGzgK','DMfSzw4','ihX8igu','BMfTzsa','DcbNAxy','rNvSBca','igvZy2e','tw91BNq','zsbMAw4','Bwf5iha','BhbPBMu','ChqGrxG','mtv4wu5QCha','yxbLihy','C3rHBgW','igjLigu','AxmGysa','pxnLy3i','ls1UBY0','C2L2zs4','sw5ZDge','ksbVCIa','C3vYzMe','rufmveG','zYbHBMq','Aw5Nige','iennrca','B3vUDgu','Bc1Yzwm','ywqGB2y','ieLTywC','rMLUywW','vu4Gywq','ChqTz2u','BM8TAw4','C2uGyxq','DgL0Bgu','AwfIBgu','ugfJA2e','y2vZC2e','t1bzigK','yw4GzxG','CgfIAwW','BhKGBMu','zsbJB24','DhmGAw4','vxnLoIa','CMvHC2u','ig1HA2u','uI1jtuC','y2HPDMu','zgvZy3i','BgvYCYW','C3mGDg8','B3iGBM8','uNvUBMK','zsbWCMK','Dw5PBNq','zgv0zwm','AgeYnty','BMvYige','B250ywK','lNnOjYa','zsbvuKW','rg9JA2u','yMXPBMC','uI1tt0m','vIbVCIa','zcbJyw4','ChrZigK','Cg9Zzxm','otqZode3me5UDgDxva','ysbJB24','zxqSAwq','zgDYB3u','ievovI8','zxnZlca','z2vZihq','lxjLy28','EwvYlG','Ag9ZDcW','B25Tzw4','ntzZDw0','igzPBgu','ihnVy2S','DgfJAYa','BNyGrMK','ihrOzsa','zxnWB24','ihnLy3i','B3nL','CgXPy2K','CNKGBge','qureigm','DxqGls0','ig1HBgK','pdWGj0G','D2L0Ag8','Cgf0Dgu','CNKGCge','lcb2zxi','igHHCYa','zsbHDhq','Axb0Aw8','zw50iha','ignVBw0','DwXSigK','C2uGrg8','DwLSzca','A2v0ie0','igzVCIa','yw4Gyxu','igLTywC','ChqVBgK','CMLWDca','DxrPBMC','lwnVBNq','ywjPBgK','BYbYzwq','zw50lIa','AweGlwu','mc1HBha','lwzPBgu','ugLWzsa','Dha6lY8','zML4','ls1LBNy','CNmGyw4','ierVy2S','zg9JA2u','ihnHzMu','CgfJA2e','ienVBNq','lcbeB2m','Bg93','igLUC3q','DhjVBca','u1nilca','AwzPyYa'];_0x51e4=function(){return _0x536f1f;};return _0x51e4();}_0x415b27['descr'+_0x342e4b(0x1aa,0xed)+'n']=_0x2bae73(0x27a,0x281)+_0x2bae73(0xba,0x193)+_0x2bae73(0x134,0xcd)+_0x342e4b(-0x79,0x29)+_0x342e4b(0x106,0x19)+_0x2bae73(0x272,0x350)+_0x2bae73(0x1c5,0x11a)+'ker\x20d'+_0x342e4b(0x136,0x194)+',\x20K8s'+'\x20API)'+'\x20in\x20c'+_0x2bae73(0x17d,0xa1)+_0x342e4b(0x203,0x182)+_0x342e4b(0xd6,0x96)+_0x342e4b(0x147,0x76)+'ity\x20r'+_0x342e4b(0x218,0x15c),_0x415b27['langu'+'ages']=[_0x342e4b(0x188,0x107)+_0x342e4b(-0x44,0x6)],_0x415b27[_0x342e4b(0x68,0xe8)+'rn']=/^EXPOSE\s+(?:22|2375|2376|6443|9200|27017|6379|5432|3306|3389)\b/gmi,_0x415b27[_0x342e4b(0x1be,0x103)]=_0x342e4b(0x288,0x1d7)+_0x342e4b(0x229,0x16c)+_0x2bae73(0xbf,0xc2)+_0x2bae73(0x20f,0x184)+_0x2bae73(0xc4,0x44)+_0x342e4b(0x3f,0xee)+_0x2bae73(0x277,0x32c)+_0x2bae73(0x279,0x27b)+'Docke'+'r\x20net'+'works'+_0x342e4b(0x75,0xf4)+_0x2bae73(0x21a,0x131)+_0x2bae73(0x1b4,0x101)+_0x342e4b(-0x1e,0x5e)+'\x20comm'+_0x342e4b(-0xd5,0x16)+_0x342e4b(0x1c1,0x125);function _0x12a1(_0x5f1e41,_0x1c58e5){_0x5f1e41=_0x5f1e41-(-0xa96*0x1+0x1818+0x44a*-0x3);const _0x1a2377=_0x51e4();let _0x487256=_0x1a2377[_0x5f1e41];if(_0x12a1['MtzENH']===undefined){var _0x17f8c0=function(_0x541889){const _0x53b8f8='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x38d3b2='',_0x1e1731='';for(let _0x558717=-0x2*-0x8f9+-0x121c+0x2a,_0x2264e4,_0x304be5,_0x42138f=0x340+0x1*-0x2291+0x1f51;_0x304be5=_0x541889['charAt'](_0x42138f++);~_0x304be5&&(_0x2264e4=_0x558717%(-0xf8e+0x1733+-0x7a1)?_0x2264e4*(0xd81*0x1+0x29*0x4e+-0x27*0xa9)+_0x304be5:_0x304be5,_0x558717++%(-0x1*0x214f+-0x1dc6+0x3f19*0x1))?_0x38d3b2+=String['fromCharCode'](-0x1*0x2359+-0x1aee+0x3f46&_0x2264e4>>(-(-0x1ad3+0x92*-0x1+-0x1*-0x1b67)*_0x558717&0x23c9+-0x1c2c+0x1*-0x797)):0x95*-0x26+0x6db+0xf43){_0x304be5=_0x53b8f8['indexOf'](_0x304be5);}for(let _0xdc803a=-0x31d*0x1+0x245f+-0x2142,_0x1a84c6=_0x38d3b2['length'];_0xdc803a<_0x1a84c6;_0xdc803a++){_0x1e1731+='%'+('00'+_0x38d3b2['charCodeAt'](_0xdc803a)['toString'](-0x14da+0x1b0d+0x1*-0x623))['slice'](-(0x955*0x1+-0xbff*0x2+-0xeab*-0x1));}return decodeURIComponent(_0x1e1731);};_0x12a1['rzAmev']=_0x17f8c0,_0x12a1['xgBFMj']={},_0x12a1['MtzENH']=!![];}const _0x2345ae=_0x1a2377[-0x5bb+-0x1b*0x61+-0xff6*-0x1],_0xc45946=_0x5f1e41+_0x2345ae,_0x58ddd8=_0x12a1['xgBFMj'][_0xc45946];return!_0x58ddd8?(_0x487256=_0x12a1['rzAmev'](_0x487256),_0x12a1['xgBFMj'][_0xc45946]=_0x487256):_0x487256=_0x58ddd8,_0x487256;}const _0x38d361={};_0x38d361['id']=_0x342e4b(0xc9,0x14a)+'R-HEA'+_0x342e4b(0xc4,0x141)+'01',_0x38d361['cwe']=_0x342e4b(0x1d1,0x192)+'93',_0x38d361[_0x2bae73(0x11a,0x8c)+'ity']=_0x2bae73(0x1c6,0x212),_0x38d361[_0x342e4b(0x18d,0xaa)]=_0x342e4b(0xf3,0x65)+'ng\x20HE'+_0x342e4b(0x177,0x17f)+_0x2bae73(0x255,0x312)+_0x342e4b(0x8a,0x121)+_0x342e4b(0x105,0x1bb),_0x38d361['descr'+'iptio'+'n']=_0x2bae73(0x10a,0xdd)+_0x2bae73(0x1e0,0x155)+_0x2bae73(0x239,0x151)+_0x2bae73(0x120,0xf2)+_0x342e4b(0x164,0x106)+'er\x20ca'+_0x342e4b(0x259,0x1bc)+_0x2bae73(0x17a,0x1d0)+_0x342e4b(0x19d,0x13d)+'the\x20c'+_0x2bae73(0x17d,0x18f)+_0x2bae73(0x17c,0x1a7)+'pplic'+_0x2bae73(0x12d,0x167)+_0x342e4b(0x5c,0xeb)+_0x2bae73(0x125,0x1d9)+_0x342e4b(0xf8,0x17d)+_0x2bae73(0x198,0x117)+_0x342e4b(0x48,0x99),_0x38d361[_0x342e4b(0x87,0x4a)+'ages']=[_0x2bae73(0x1c1,0x29e)+_0x2bae73(0xc0,0x31)],_0x38d361[_0x342e4b(0x173,0xe8)+'rn']=/^HEALTHCHECK\s+NONE\s*$/gmi,_0x38d361[_0x2bae73(0x1bd,0x291)]=_0x342e4b(0x112,0x82)+'\x20HEAL'+_0x2bae73(0x274,0x1e3)+_0x342e4b(0xb8,0x131)+_0x2bae73(0x157,0x22a)+'CHECK'+_0x342e4b(0xdb,0x84)+'terva'+'l=30s'+_0x2bae73(0x15a,0x1b0)+_0x2bae73(0x13a,0x18b)+'-f\x20ht'+_0x2bae73(0x1bc,0x1ea)+_0x342e4b(0xbc,0x112)+_0x2bae73(0x203,0x282)+_0x2bae73(0x142,0x1c3)+_0x2bae73(0x261,0x24f);const _0x2e3920={};_0x2e3920['id']=_0x2bae73(0x204,0x236)+_0x2bae73(0xcb,0x121)+_0x342e4b(0x88,0x137),_0x2e3920[_0x2bae73(0x21d,0x19a)]=_0x342e4b(0x90,0x145)+_0x2bae73(0x132,0x144),_0x2e3920[_0x342e4b(0xdb,0x60)+_0x2bae73(0x292,0x2f4)]=_0x342e4b(0x82,0x10c);function _0x2bae73(_0x13b7f8,_0x4a3f37){const _0x206a73={_0x570bc2:0x13};return _0x12a1(_0x13b7f8-_0x206a73._0x570bc2,_0x4a3f37);}_0x2e3920[_0x342e4b(0x3,0xaa)]=_0x2bae73(0x166,0x253)+'ge\x20In'+_0x2bae73(0x14e,0x1a0)+'\x20With'+'out\x20-'+_0x342e4b(0x146,0x61)+'nstal'+_0x2bae73(0x15c,0xcc)+'ommen'+'ds',_0x2e3920[_0x2bae73(0x173,0x161)+_0x342e4b(0x10e,0xed)+'n']=_0x2bae73(0x154,0x20e)+'lling'+_0x2bae73(0x214,0x224)+_0x342e4b(0x1c9,0x143)+_0x342e4b(0x12e,0xe7)+_0x2bae73(0x19e,0x1cb)+_0x2bae73(0x162,0x1f0)+_0x342e4b(0x10b,0x94)+_0x342e4b(0x125,0xd4)+_0x2bae73(0x1f0,0x2ca)+_0x2bae73(0xdb,0x164)+_0x342e4b(0x59,0x83)+_0x342e4b(0x10c,0x1b0)+_0x2bae73(0x167,0x194)+_0x342e4b(0x98,0xe9)+_0x342e4b(0xce,0x1aa)+_0x2bae73(0x1f3,0x1fd)+_0x2bae73(0x271,0x2e5)+_0x2bae73(0x16f,0xd7)+_0x342e4b(0x108,0xf6)+_0x2bae73(0xcd,0x2c)+'e\x20and'+'\x20atta'+_0x2bae73(0xb9,0xfa)+_0x2bae73(0x28e,0x303)+'.',_0x2e3920['langu'+_0x342e4b(0x21,0x9)]=[_0x342e4b(0xce,0x107)+_0x2bae73(0xc0,0x73)],_0x2e3920[_0x342e4b(0x27,0xe8)+'rn']=/apt-get\s+install\s+(?!.*--no-install-recommends)/g,_0x2e3920[_0x342e4b(0x111,0x103)]=_0x2bae73(0x16e,0x203)+_0x2bae73(0xc6,0x15c)+_0x2bae73(0x161,0x22a)+_0x2bae73(0x126,0x100)+_0x342e4b(0x13c,0x119)+_0x342e4b(0x182,0x98)+_0x2bae73(0x124,0x132)+_0x342e4b(0x13f,0x173)+_0x342e4b(0xd6,0x1f)+_0x342e4b(0x105,0x48)+_0x2bae73(0x241,0x2c5)+_0x342e4b(0x71,0x15b)+_0x2bae73(0x143,0xb6)+_0x2bae73(0x123,0x1c6)+_0x342e4b(0x14a,0x114)+'/var/'+_0x2bae73(0x21c,0x228)+_0x342e4b(0x2e,0xf7)+'sts/*';const _0x1cb4bb={};_0x1cb4bb['id']=_0x2bae73(0x204,0x2bb)+_0x342e4b(0x267,0x184)+_0x2bae73(0x21b,0x1a8),_0x1cb4bb['cwe']='CWE-2'+'50',_0x1cb4bb[_0x2bae73(0x11a,0x14a)+'ity']=_0x2bae73(0x137,0xa6)+_0x2bae73(0x1e6,0x197),_0x1cb4bb['title']=_0x2bae73(0x1e5,0x225)+_0x342e4b(0xa7,0x45)+_0x342e4b(0x1b9,0x10a)+_0x2bae73(0x118,0x1f6)+_0x2bae73(0xda,0x17f)+_0x342e4b(-0x20,0x7f)+_0x342e4b(0x11c,0x18c)+_0x2bae73(0x19a,0xcd),_0x1cb4bb[_0x342e4b(-0x10,0xb9)+_0x2bae73(0x1a7,0x233)+'n']=_0x2bae73(0x1e5,0x223)+_0x2bae73(0xff,0x1d4)+'\x20mode'+_0x342e4b(0x9a,0x1)+_0x2bae73(0x28d,0x330)+_0x2bae73(0x285,0x348)+'ainer'+_0x342e4b(0x27,0x53)+_0x2bae73(0x1d5,0x1e1)+_0x342e4b(0xdb,0xbb)+_0x342e4b(0xd3,0xdd)+_0x342e4b(-0x4,0xd6)+'\x20equi'+_0x2bae73(0x141,0x14d)+'t\x20to\x20'+'runni'+_0x342e4b(0x87,0x14b)+_0x342e4b(0x4,0xdd)+_0x342e4b(0x77,0x22)+_0x342e4b(0x261,0x1c9)+'f.',_0x1cb4bb['langu'+_0x2bae73(0xc3,0xd7)]=[_0x342e4b(0xcf,0x18)],_0x1cb4bb[_0x2bae73(0x1a2,0x24e)+'rn']=/privileged\s*:\s*true/g,_0x1cb4bb[_0x342e4b(0x1b5,0x103)]=_0x2bae73(0x291,0x1a7)+_0x2bae73(0x178,0x228)+_0x342e4b(0x95,0x3a)+_0x2bae73(0x223,0x266)+_0x342e4b(0x131,0x6e)+_0x342e4b(-0x77,0x2e)+'pecif'+_0x342e4b(-0xd2,0x3)+_0x2bae73(0x16a,0xd6)+'ities'+_0x342e4b(0xb2,0x10d)+_0x2bae73(0x211,0x138)+_0x342e4b(0xca,0x5f)+_0x342e4b(-0x13,0x27)+_0x2bae73(0x254,0x1db)+'DMIN]';const _0x4c0150={};_0x4c0150['id']=_0x342e4b(0x149,0x14a)+_0x342e4b(-0x24,0xc8)+'K-001',_0x4c0150['cwe']=_0x342e4b(0xf2,0x138)+'50',_0x4c0150[_0x2bae73(0x11a,0x7d)+_0x342e4b(0x234,0x1d8)]='criti'+_0x342e4b(0x208,0x12c),_0x4c0150[_0x2bae73(0x164,0x9f)]=_0x2bae73(0x180,0x1bb)+_0x2bae73(0x250,0x2ee)+_0x2bae73(0x1ad,0x234)+_0x342e4b(0x10a,0xa1)+'d\x20—\x20C'+_0x2bae73(0x17d,0xe8)+'ner\x20E'+'scape'+_0x2bae73(0x12e,0x7b),_0x4c0150[_0x342e4b(0x157,0xb9)+'iptio'+'n']=_0x2bae73(0x147,0xd4)+'ing\x20t'+_0x2bae73(0x25b,0x24f)+_0x2bae73(0xb8,0x15a)+_0x342e4b(0x185,0x1a8)+_0x342e4b(0x0,0x8a)+_0x2bae73(0x1fe,0x298)+_0x342e4b(0x71,0xb2)+'taine'+'r\x20ful'+_0x342e4b(0xc5,0x158)+_0x342e4b(0xcc,0x10e)+_0x342e4b(0x15a,0x135)+'e\x20Doc'+'ker\x20d'+_0x2bae73(0x24e,0x314)+_0x2bae73(0x1ea,0x28a)+_0x2bae73(0x181,0xae)+_0x2bae73(0x285,0x1d0)+'ainer'+_0x342e4b(-0x18,0x8c)+_0x2bae73(0xd7,0x1c5),_0x4c0150['langu'+_0x2bae73(0xc3,0xea)]=[_0x2bae73(0xd2,-0x4),_0x342e4b(0xef,0x107)+_0x342e4b(-0xf,0x6)],_0x4c0150[_0x342e4b(0xd7,0xe8)+'rn']=/\/var\/run\/docker\.sock/g,_0x4c0150['fix']=_0x342e4b(0x1f7,0x147)+'\x20moun'+_0x2bae73(0x27f,0x321)+_0x2bae73(0x100,0x9f)+_0x2bae73(0x139,0x117)+_0x2bae73(0x194,0x151)+_0x2bae73(0xce,0x99)+_0x342e4b(0xe4,0xf1)+_0x342e4b(0x210,0x18b)+_0x2bae73(0x231,0x26d)+'cker\x20'+_0x2bae73(0x20e,0x197)+_0x2bae73(0x155,0x221)+_0x2bae73(0x20c,0x28b)+'ote\x20D'+_0x342e4b(0xa1,0x7f)+_0x2bae73(0x26b,0x312)+_0x342e4b(0xc,0xf)+_0x2bae73(0x131,0xaa)+'.';const _0x1e5895={};_0x1e5895['id']='DOCKE'+_0x2bae73(0x238,0x1b3)+_0x2bae73(0xe0,0x9),_0x1e5895[_0x342e4b(0x21a,0x163)]=_0x342e4b(0x1d,0x35)+'29',_0x1e5895['sever'+_0x2bae73(0x292,0x230)]=_0x2bae73(0x101,0x58),_0x1e5895[_0x2bae73(0x164,0xb1)]='Curl\x20'+_0x2bae73(0x1bb,0x18a)+'to\x20Sh'+'ell\x20—'+_0x2bae73(0x1e9,0x1ce)+'usted'+_0x342e4b(0x149,0x15f)+_0x342e4b(0x75,0x91)+'ecuti'+'on',_0x1e5895[_0x342e4b(0xa4,0xb9)+_0x2bae73(0x1a7,0x112)+'n']=_0x2bae73(0x256,0x2ed)+_0x2bae73(0x105,0x16f)+_0x2bae73(0x158,0x95)+_0x342e4b(-0x33,0x54)+_0x342e4b(0xff,0xf9)+'\x20scri'+_0x2bae73(0x185,0x1a3)+_0x2bae73(0x230,0x16e)+_0x2bae73(0x288,0x1f7)+_0x342e4b(0x13e,0xef)+_0x342e4b(0xa9,0x172)+'ypass'+_0x342e4b(-0x28,0x2f)+_0x2bae73(0x115,0x1f6)+'and\x20c'+_0x2bae73(0x169,0x24e)+_0x2bae73(0x24b,0x2f6)+_0x2bae73(0x19f,0x168)+'cious'+_0x2bae73(0x27e,0x215)+'.',_0x1e5895[_0x342e4b(0x4,0x4a)+_0x342e4b(-0xa5,0x9)]=[_0x2bae73(0x1c1,0x1bc)+'rfile'],_0x1e5895['patte'+'rn']=/(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh|zsh)/g,_0x1e5895[_0x2bae73(0x1bd,0x242)]='Downl'+_0x342e4b(0x10,0x37)+_0x342e4b(0x15f,0x13e)+_0x342e4b(0x140,0xf8)+_0x2bae73(0x207,0x260)+_0x2bae73(0x1a4,0x19a)+'ify\x20i'+_0x342e4b(0xf8,0x52)+_0x2bae73(0xf2,0x2b)+_0x342e4b(0xb4,0x193)+_0x342e4b(0xb9,0x2a)+_0x2bae73(0x24b,0x170)+':\x20RUN'+'\x20curl'+_0x2bae73(0xde,0x113)+_0x2bae73(0x20b,0x25d)+_0x342e4b(0x1f3,0x13f)+'RL\x20&&'+_0x2bae73(0x12c,0x4e)+_0x2bae73(0x192,0x1bf)+'\x20-c\x20<'+_0x342e4b(0xef,0xe6)+_0x342e4b(-0xa4,0x17)+'cript'+_0x2bae73(0x17e,0x172)+_0x342e4b(0x17c,0x178)+'sh\x20sc'+'ript.'+'sh';const _0x230de5={};_0x230de5['id']=_0x342e4b(0x1ea,0x14a)+_0x342e4b(0x287,0x1c6)+'GE-00'+'1',_0x230de5['cwe']='CWE-2'+'00',_0x230de5[_0x2bae73(0x11a,0x10f)+'ity']=_0x2bae73(0xc1,0x106)+'m',_0x230de5['title']=_0x342e4b(0x1d7,0x1ae)+_0x342e4b(0x78,0x142)+_0x342e4b(0x122,0x197)+_0x2bae73(0x15f,0x180)+'\x20Imag'+'e',_0x230de5['descr'+_0x342e4b(0x16f,0xed)+'n']='Compi'+_0x2bae73(0x174,0x140)+_0x2bae73(0xb7,0x27)+_0x342e4b(0x22b,0x1cc)+_0x2bae73(0xd8,0x9f)+_0x2bae73(0x293,0x33d)+'v\x20dep'+_0x342e4b(0x22a,0x16a)+'cies\x20'+'in\x20th'+_0x2bae73(0x148,0x88)+_0x2bae73(0xf7,0x1b1)+_0x2bae73(0xee,0x122)+_0x2bae73(0x23d,0x295)+_0x2bae73(0x163,0x119)+_0x342e4b(0xc8,0xdb)+_0x2bae73(0x156,0x96)+_0x342e4b(0x102,0x1cf),_0x230de5[_0x2bae73(0x104,0x66)+_0x342e4b(-0x9e,0x9)]=['docke'+_0x342e4b(-0x8d,0x6)],_0x230de5[_0x342e4b(0x11c,0xe8)+'rn']=/^RUN\s+.*(?:gcc|g\+\+|make|cmake|npm\s+install\s+(?!--production|--omit=dev))/gmi,_0x230de5[_0x342e4b(0x117,0x103)]=_0x2bae73(0x235,0x318)+_0x342e4b(0xce,0x181)+_0x342e4b(0x9,0x10)+_0x2bae73(0xb7,0x91)+'ds:\x20b'+_0x2bae73(0x1ac,0x276)+_0x2bae73(0x110,0x127)+_0x2bae73(0xf0,0x9a)+_0x2bae73(0x270,0x2eb)+_0x342e4b(0xdc,0x7c)+'nly\x20a'+_0x2bae73(0x1fa,0x1ec)+'cts\x20t'+_0x2bae73(0x1d7,0x107)+_0x2bae73(0xc7,0xe9)+'l\x20fin'+'al\x20st'+_0x2bae73(0x22b,0x17e);export const dockerRules=[_0x185875,_0x1ddac9,_0xeb9c69,_0x33a840,_0x57fa33,_0x166fb9,_0x415b27,_0x38d361,_0x2e3920,_0x1cb4bb,_0x4c0150,_0x1e5895,_0x230de5];