@stordata/vsphere-soapify 1.0.20250614130902 → 1.0.20250624140830

@@ -0,0 +1,3048 @@
1
+ {
2
+ "version": "15.1.4",
3
+ "vulnerabilities": [
4
+ {
5
+ "id": "8646136a771899e2fcd1f86f3216f6dd337537c591f09e104b0abd2422ecdd55",
6
+ "category": "sast",
7
+ "name": "Incorrect regular expression",
8
+ "description": "Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.\n",
9
+ "cve": "semgrep_id:nodejs_scan.javascript-dos-rule-regex_dos:19:20",
10
+ "severity": "Medium",
11
+ "scanner": {
12
+ "id": "semgrep",
13
+ "name": "Semgrep"
14
+ },
15
+ "location": {
16
+ "file": "lib/parser.js",
17
+ "start_line": 19,
18
+ "end_line": 20
19
+ },
20
+ "identifiers": [
21
+ {
22
+ "type": "semgrep_id",
23
+ "name": "nodejs_scan.javascript-dos-rule-regex_dos",
24
+ "value": "nodejs_scan.javascript-dos-rule-regex_dos"
25
+ },
26
+ {
27
+ "type": "cwe",
28
+ "name": "CWE-185",
29
+ "value": "185",
30
+ "url": "https://cwe.mitre.org/data/definitions/185.html"
31
+ },
32
+ {
33
+ "type": "owasp",
34
+ "name": "A05:2021 - Security Misconfiguration",
35
+ "value": "A05:2021"
36
+ },
37
+ {
38
+ "type": "owasp",
39
+ "name": "A6:2017 - Security Misconfiguration",
40
+ "value": "A6:2017"
41
+ },
42
+ {
43
+ "type": "njsscan_rule_type",
44
+ "name": "NodeJS Scan ID javascript-dos-rule-regex_dos",
45
+ "value": "Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service."
46
+ }
47
+ ]
48
+ }
49
+ ],
50
+ "scan": {
51
+ "analyzer": {
52
+ "id": "semgrep",
53
+ "name": "Semgrep",
54
+ "url": "https://gitlab.com/gitlab-org/security-products/analyzers/semgrep",
55
+ "vendor": {
56
+ "name": "GitLab"
57
+ },
58
+ "version": "6.3.2"
59
+ },
60
+ "scanner": {
61
+ "id": "semgrep",
62
+ "name": "Semgrep",
63
+ "url": "https://github.com/returntocorp/semgrep",
64
+ "vendor": {
65
+ "name": "GitLab"
66
+ },
67
+ "version": "1.110.0"
68
+ },
69
+ "primary_identifiers": [
70
+ {
71
+ "type": "semgrep_id",
72
+ "name": "bandit.B101",
73
+ "value": "bandit.B101"
74
+ },
75
+ {
76
+ "type": "semgrep_id",
77
+ "name": "bandit.B102",
78
+ "value": "bandit.B102"
79
+ },
80
+ {
81
+ "type": "semgrep_id",
82
+ "name": "bandit.B103",
83
+ "value": "bandit.B103"
84
+ },
85
+ {
86
+ "type": "semgrep_id",
87
+ "name": "bandit.B104",
88
+ "value": "bandit.B104"
89
+ },
90
+ {
91
+ "type": "semgrep_id",
92
+ "name": "bandit.B108",
93
+ "value": "bandit.B108"
94
+ },
95
+ {
96
+ "type": "semgrep_id",
97
+ "name": "bandit.B113",
98
+ "value": "bandit.B113"
99
+ },
100
+ {
101
+ "type": "semgrep_id",
102
+ "name": "bandit.B201",
103
+ "value": "bandit.B201"
104
+ },
105
+ {
106
+ "type": "semgrep_id",
107
+ "name": "bandit.B202",
108
+ "value": "bandit.B202"
109
+ },
110
+ {
111
+ "type": "semgrep_id",
112
+ "name": "bandit.B301-1",
113
+ "value": "bandit.B301-1"
114
+ },
115
+ {
116
+ "type": "semgrep_id",
117
+ "name": "bandit.B301-2",
118
+ "value": "bandit.B301-2"
119
+ },
120
+ {
121
+ "type": "semgrep_id",
122
+ "name": "bandit.B301-3",
123
+ "value": "bandit.B301-3"
124
+ },
125
+ {
126
+ "type": "semgrep_id",
127
+ "name": "bandit.B301-4",
128
+ "value": "bandit.B301-4"
129
+ },
130
+ {
131
+ "type": "semgrep_id",
132
+ "name": "bandit.B302",
133
+ "value": "bandit.B302"
134
+ },
135
+ {
136
+ "type": "semgrep_id",
137
+ "name": "bandit.B303-1",
138
+ "value": "bandit.B303-1"
139
+ },
140
+ {
141
+ "type": "semgrep_id",
142
+ "name": "bandit.B303-2",
143
+ "value": "bandit.B303-2"
144
+ },
145
+ {
146
+ "type": "semgrep_id",
147
+ "name": "bandit.B303-7",
148
+ "value": "bandit.B303-7"
149
+ },
150
+ {
151
+ "type": "semgrep_id",
152
+ "name": "bandit.B303-8",
153
+ "value": "bandit.B303-8"
154
+ },
155
+ {
156
+ "type": "semgrep_id",
157
+ "name": "bandit.B304-1",
158
+ "value": "bandit.B304-1"
159
+ },
160
+ {
161
+ "type": "semgrep_id",
162
+ "name": "bandit.B304-10",
163
+ "value": "bandit.B304-10"
164
+ },
165
+ {
166
+ "type": "semgrep_id",
167
+ "name": "bandit.B304-11",
168
+ "value": "bandit.B304-11"
169
+ },
170
+ {
171
+ "type": "semgrep_id",
172
+ "name": "bandit.B304-12",
173
+ "value": "bandit.B304-12"
174
+ },
175
+ {
176
+ "type": "semgrep_id",
177
+ "name": "bandit.B304-2",
178
+ "value": "bandit.B304-2"
179
+ },
180
+ {
181
+ "type": "semgrep_id",
182
+ "name": "bandit.B304-3",
183
+ "value": "bandit.B304-3"
184
+ },
185
+ {
186
+ "type": "semgrep_id",
187
+ "name": "bandit.B304-4",
188
+ "value": "bandit.B304-4"
189
+ },
190
+ {
191
+ "type": "semgrep_id",
192
+ "name": "bandit.B304-5",
193
+ "value": "bandit.B304-5"
194
+ },
195
+ {
196
+ "type": "semgrep_id",
197
+ "name": "bandit.B304-6",
198
+ "value": "bandit.B304-6"
199
+ },
200
+ {
201
+ "type": "semgrep_id",
202
+ "name": "bandit.B304-7",
203
+ "value": "bandit.B304-7"
204
+ },
205
+ {
206
+ "type": "semgrep_id",
207
+ "name": "bandit.B304-8",
208
+ "value": "bandit.B304-8"
209
+ },
210
+ {
211
+ "type": "semgrep_id",
212
+ "name": "bandit.B304-9",
213
+ "value": "bandit.B304-9"
214
+ },
215
+ {
216
+ "type": "semgrep_id",
217
+ "name": "bandit.B305",
218
+ "value": "bandit.B305"
219
+ },
220
+ {
221
+ "type": "semgrep_id",
222
+ "name": "bandit.B306",
223
+ "value": "bandit.B306"
224
+ },
225
+ {
226
+ "type": "semgrep_id",
227
+ "name": "bandit.B307",
228
+ "value": "bandit.B307"
229
+ },
230
+ {
231
+ "type": "semgrep_id",
232
+ "name": "bandit.B310-1",
233
+ "value": "bandit.B310-1"
234
+ },
235
+ {
236
+ "type": "semgrep_id",
237
+ "name": "bandit.B311",
238
+ "value": "bandit.B311"
239
+ },
240
+ {
241
+ "type": "semgrep_id",
242
+ "name": "bandit.B313",
243
+ "value": "bandit.B313"
244
+ },
245
+ {
246
+ "type": "semgrep_id",
247
+ "name": "bandit.B314",
248
+ "value": "bandit.B314"
249
+ },
250
+ {
251
+ "type": "semgrep_id",
252
+ "name": "bandit.B315",
253
+ "value": "bandit.B315"
254
+ },
255
+ {
256
+ "type": "semgrep_id",
257
+ "name": "bandit.B316",
258
+ "value": "bandit.B316"
259
+ },
260
+ {
261
+ "type": "semgrep_id",
262
+ "name": "bandit.B317",
263
+ "value": "bandit.B317"
264
+ },
265
+ {
266
+ "type": "semgrep_id",
267
+ "name": "bandit.B318",
268
+ "value": "bandit.B318"
269
+ },
270
+ {
271
+ "type": "semgrep_id",
272
+ "name": "bandit.B319",
273
+ "value": "bandit.B319"
274
+ },
275
+ {
276
+ "type": "semgrep_id",
277
+ "name": "bandit.B320",
278
+ "value": "bandit.B320"
279
+ },
280
+ {
281
+ "type": "semgrep_id",
282
+ "name": "bandit.B323",
283
+ "value": "bandit.B323"
284
+ },
285
+ {
286
+ "type": "semgrep_id",
287
+ "name": "bandit.B324",
288
+ "value": "bandit.B324"
289
+ },
290
+ {
291
+ "type": "semgrep_id",
292
+ "name": "bandit.B401",
293
+ "value": "bandit.B401"
294
+ },
295
+ {
296
+ "type": "semgrep_id",
297
+ "name": "bandit.B413",
298
+ "value": "bandit.B413"
299
+ },
300
+ {
301
+ "type": "semgrep_id",
302
+ "name": "bandit.B501",
303
+ "value": "bandit.B501"
304
+ },
305
+ {
306
+ "type": "semgrep_id",
307
+ "name": "bandit.B502",
308
+ "value": "bandit.B502"
309
+ },
310
+ {
311
+ "type": "semgrep_id",
312
+ "name": "bandit.B504",
313
+ "value": "bandit.B504"
314
+ },
315
+ {
316
+ "type": "semgrep_id",
317
+ "name": "bandit.B505-1",
318
+ "value": "bandit.B505-1"
319
+ },
320
+ {
321
+ "type": "semgrep_id",
322
+ "name": "bandit.B505-2",
323
+ "value": "bandit.B505-2"
324
+ },
325
+ {
326
+ "type": "semgrep_id",
327
+ "name": "bandit.B506",
328
+ "value": "bandit.B506"
329
+ },
330
+ {
331
+ "type": "semgrep_id",
332
+ "name": "bandit.B507",
333
+ "value": "bandit.B507"
334
+ },
335
+ {
336
+ "type": "semgrep_id",
337
+ "name": "bandit.B508",
338
+ "value": "bandit.B508"
339
+ },
340
+ {
341
+ "type": "semgrep_id",
342
+ "name": "bandit.B509",
343
+ "value": "bandit.B509"
344
+ },
345
+ {
346
+ "type": "semgrep_id",
347
+ "name": "bandit.B602",
348
+ "value": "bandit.B602"
349
+ },
350
+ {
351
+ "type": "semgrep_id",
352
+ "name": "bandit.B603",
353
+ "value": "bandit.B603"
354
+ },
355
+ {
356
+ "type": "semgrep_id",
357
+ "name": "bandit.B604",
358
+ "value": "bandit.B604"
359
+ },
360
+ {
361
+ "type": "semgrep_id",
362
+ "name": "bandit.B605",
363
+ "value": "bandit.B605"
364
+ },
365
+ {
366
+ "type": "semgrep_id",
367
+ "name": "bandit.B606",
368
+ "value": "bandit.B606"
369
+ },
370
+ {
371
+ "type": "semgrep_id",
372
+ "name": "bandit.B607",
373
+ "value": "bandit.B607"
374
+ },
375
+ {
376
+ "type": "semgrep_id",
377
+ "name": "bandit.B608",
378
+ "value": "bandit.B608"
379
+ },
380
+ {
381
+ "type": "semgrep_id",
382
+ "name": "bandit.B609",
383
+ "value": "bandit.B609"
384
+ },
385
+ {
386
+ "type": "semgrep_id",
387
+ "name": "bandit.B610",
388
+ "value": "bandit.B610"
389
+ },
390
+ {
391
+ "type": "semgrep_id",
392
+ "name": "bandit.B611",
393
+ "value": "bandit.B611"
394
+ },
395
+ {
396
+ "type": "semgrep_id",
397
+ "name": "bandit.B611",
398
+ "value": "bandit.B611"
399
+ },
400
+ {
401
+ "type": "semgrep_id",
402
+ "name": "bandit.B612",
403
+ "value": "bandit.B612"
404
+ },
405
+ {
406
+ "type": "semgrep_id",
407
+ "name": "bandit.B701",
408
+ "value": "bandit.B701"
409
+ },
410
+ {
411
+ "type": "semgrep_id",
412
+ "name": "bandit.B702",
413
+ "value": "bandit.B702"
414
+ },
415
+ {
416
+ "type": "semgrep_id",
417
+ "name": "bandit.B703",
418
+ "value": "bandit.B703"
419
+ },
420
+ {
421
+ "type": "semgrep_id",
422
+ "name": "brakeman.ruby_cookie_rule-CheckCookieStoreSessionSecurityAttributes",
423
+ "value": "brakeman.ruby_cookie_rule-CheckCookieStoreSessionSecurityAttributes"
424
+ },
425
+ {
426
+ "type": "semgrep_id",
427
+ "name": "brakeman.ruby_cookie_rule-CookieSerialization",
428
+ "value": "brakeman.ruby_cookie_rule-CookieSerialization"
429
+ },
430
+ {
431
+ "type": "semgrep_id",
432
+ "name": "brakeman.ruby_crypto_rule-InsufficientRSAKeySize",
433
+ "value": "brakeman.ruby_crypto_rule-InsufficientRSAKeySize"
434
+ },
435
+ {
436
+ "type": "semgrep_id",
437
+ "name": "brakeman.ruby_crypto_rule-WeakHashesMD5",
438
+ "value": "brakeman.ruby_crypto_rule-WeakHashesMD5"
439
+ },
440
+ {
441
+ "type": "semgrep_id",
442
+ "name": "brakeman.ruby_crypto_rule-WeakHashesSHA1",
443
+ "value": "brakeman.ruby_crypto_rule-WeakHashesSHA1"
444
+ },
445
+ {
446
+ "type": "semgrep_id",
447
+ "name": "brakeman.ruby_csrf_rule-MissingCSRFProtection",
448
+ "value": "brakeman.ruby_csrf_rule-MissingCSRFProtection"
449
+ },
450
+ {
451
+ "type": "semgrep_id",
452
+ "name": "brakeman.ruby_deserialization_rule-BadDeserialization",
453
+ "value": "brakeman.ruby_deserialization_rule-BadDeserialization"
454
+ },
455
+ {
456
+ "type": "semgrep_id",
457
+ "name": "brakeman.ruby_deserialization_rule-BadDeserializationEnv",
458
+ "value": "brakeman.ruby_deserialization_rule-BadDeserializationEnv"
459
+ },
460
+ {
461
+ "type": "semgrep_id",
462
+ "name": "brakeman.ruby_deserialization_rule-BadDeserializationYAML",
463
+ "value": "brakeman.ruby_deserialization_rule-BadDeserializationYAML"
464
+ },
465
+ {
466
+ "type": "semgrep_id",
467
+ "name": "brakeman.ruby_error_rule-DivideByZero",
468
+ "value": "brakeman.ruby_error_rule-DivideByZero"
469
+ },
470
+ {
471
+ "type": "semgrep_id",
472
+ "name": "brakeman.ruby_escaping_rule-JSONEntityEscape",
473
+ "value": "brakeman.ruby_escaping_rule-JSONEntityEscape"
474
+ },
475
+ {
476
+ "type": "semgrep_id",
477
+ "name": "brakeman.ruby_eval_rule-NoEval",
478
+ "value": "brakeman.ruby_eval_rule-NoEval"
479
+ },
480
+ {
481
+ "type": "semgrep_id",
482
+ "name": "brakeman.ruby_exceptions_rule-DetailedExceptions",
483
+ "value": "brakeman.ruby_exceptions_rule-DetailedExceptions"
484
+ },
485
+ {
486
+ "type": "semgrep_id",
487
+ "name": "brakeman.ruby_file_rule-AvoidTaintedFileAccess",
488
+ "value": "brakeman.ruby_file_rule-AvoidTaintedFileAccess"
489
+ },
490
+ {
491
+ "type": "semgrep_id",
492
+ "name": "brakeman.ruby_file_rule-CheckRenderLocalFileInclude",
493
+ "value": "brakeman.ruby_file_rule-CheckRenderLocalFileInclude"
494
+ },
495
+ {
496
+ "type": "semgrep_id",
497
+ "name": "brakeman.ruby_file_rule-CheckSendFile",
498
+ "value": "brakeman.ruby_file_rule-CheckSendFile"
499
+ },
500
+ {
501
+ "type": "semgrep_id",
502
+ "name": "brakeman.ruby_filter_rule-CheckBeforeFilter",
503
+ "value": "brakeman.ruby_filter_rule-CheckBeforeFilter"
504
+ },
505
+ {
506
+ "type": "semgrep_id",
507
+ "name": "brakeman.ruby_find_rule-CheckUnscopedFind",
508
+ "value": "brakeman.ruby_find_rule-CheckUnscopedFind"
509
+ },
510
+ {
511
+ "type": "semgrep_id",
512
+ "name": "brakeman.ruby_ftp_rule-AvoidTaintedFTPCall",
513
+ "value": "brakeman.ruby_ftp_rule-AvoidTaintedFTPCall"
514
+ },
515
+ {
516
+ "type": "semgrep_id",
517
+ "name": "brakeman.ruby_http_rule-AvoidTaintedHTTPRequest",
518
+ "value": "brakeman.ruby_http_rule-AvoidTaintedHTTPRequest"
519
+ },
520
+ {
521
+ "type": "semgrep_id",
522
+ "name": "brakeman.ruby_http_rule-CheckHTTPVerbConfusion",
523
+ "value": "brakeman.ruby_http_rule-CheckHTTPVerbConfusion"
524
+ },
525
+ {
526
+ "type": "semgrep_id",
527
+ "name": "brakeman.ruby_injection_rule-AvoidTaintedShellCall",
528
+ "value": "brakeman.ruby_injection_rule-AvoidTaintedShellCall"
529
+ },
530
+ {
531
+ "type": "semgrep_id",
532
+ "name": "brakeman.ruby_injection_rule-BadSend",
533
+ "value": "brakeman.ruby_injection_rule-BadSend"
534
+ },
535
+ {
536
+ "type": "semgrep_id",
537
+ "name": "brakeman.ruby_injection_rule-DangerousExec",
538
+ "value": "brakeman.ruby_injection_rule-DangerousExec"
539
+ },
540
+ {
541
+ "type": "semgrep_id",
542
+ "name": "brakeman.ruby_mass_assignment_rule-ModelAttrAccessible",
543
+ "value": "brakeman.ruby_mass_assignment_rule-ModelAttrAccessible"
544
+ },
545
+ {
546
+ "type": "semgrep_id",
547
+ "name": "brakeman.ruby_mass_assignment_rule-UnprotectedMassAssign",
548
+ "value": "brakeman.ruby_mass_assignment_rule-UnprotectedMassAssign"
549
+ },
550
+ {
551
+ "type": "semgrep_id",
552
+ "name": "brakeman.ruby_redirect_rule-CheckRedirectTo",
553
+ "value": "brakeman.ruby_redirect_rule-CheckRedirectTo"
554
+ },
555
+ {
556
+ "type": "semgrep_id",
557
+ "name": "brakeman.ruby_reflection_rule-CheckUnsafeReflection",
558
+ "value": "brakeman.ruby_reflection_rule-CheckUnsafeReflection"
559
+ },
560
+ {
561
+ "type": "semgrep_id",
562
+ "name": "brakeman.ruby_reflection_rule-CheckUnsafeReflectionMethods",
563
+ "value": "brakeman.ruby_reflection_rule-CheckUnsafeReflectionMethods"
564
+ },
565
+ {
566
+ "type": "semgrep_id",
567
+ "name": "brakeman.ruby_regex_rule-CheckRegexDOS",
568
+ "value": "brakeman.ruby_regex_rule-CheckRegexDOS"
569
+ },
570
+ {
571
+ "type": "semgrep_id",
572
+ "name": "brakeman.ruby_regex_rule-CheckValidationRegex",
573
+ "value": "brakeman.ruby_regex_rule-CheckValidationRegex"
574
+ },
575
+ {
576
+ "type": "semgrep_id",
577
+ "name": "brakeman.ruby_routes_rule-AvoidDefaultRoutes",
578
+ "value": "brakeman.ruby_routes_rule-AvoidDefaultRoutes"
579
+ },
580
+ {
581
+ "type": "semgrep_id",
582
+ "name": "brakeman.ruby_session_rule-AvoidSessionManipulation",
583
+ "value": "brakeman.ruby_session_rule-AvoidSessionManipulation"
584
+ },
585
+ {
586
+ "type": "semgrep_id",
587
+ "name": "brakeman.ruby_sql_rule-CheckSQL",
588
+ "value": "brakeman.ruby_sql_rule-CheckSQL"
589
+ },
590
+ {
591
+ "type": "semgrep_id",
592
+ "name": "brakeman.ruby_ssl_rule-ForceSSLFalse",
593
+ "value": "brakeman.ruby_ssl_rule-ForceSSLFalse"
594
+ },
595
+ {
596
+ "type": "semgrep_id",
597
+ "name": "brakeman.ruby_ssl_rule-SSLModeNoVerify",
598
+ "value": "brakeman.ruby_ssl_rule-SSLModeNoVerify"
599
+ },
600
+ {
601
+ "type": "semgrep_id",
602
+ "name": "brakeman.ruby_xss_rule-AvoidLinkTo",
603
+ "value": "brakeman.ruby_xss_rule-AvoidLinkTo"
604
+ },
605
+ {
606
+ "type": "semgrep_id",
607
+ "name": "brakeman.ruby_xss_rule-AvoidRenderInline",
608
+ "value": "brakeman.ruby_xss_rule-AvoidRenderInline"
609
+ },
610
+ {
611
+ "type": "semgrep_id",
612
+ "name": "brakeman.ruby_xss_rule-AvoidRenderText",
613
+ "value": "brakeman.ruby_xss_rule-AvoidRenderText"
614
+ },
615
+ {
616
+ "type": "semgrep_id",
617
+ "name": "brakeman.ruby_xss_rule-ManualTemplateCreation",
618
+ "value": "brakeman.ruby_xss_rule-ManualTemplateCreation"
619
+ },
620
+ {
621
+ "type": "semgrep_id",
622
+ "name": "eslint.detect-buffer-noassert-read",
623
+ "value": "eslint.detect-buffer-noassert-read"
624
+ },
625
+ {
626
+ "type": "semgrep_id",
627
+ "name": "eslint.detect-buffer-noassert-write",
628
+ "value": "eslint.detect-buffer-noassert-write"
629
+ },
630
+ {
631
+ "type": "semgrep_id",
632
+ "name": "eslint.detect-disable-mustache-escape",
633
+ "value": "eslint.detect-disable-mustache-escape"
634
+ },
635
+ {
636
+ "type": "semgrep_id",
637
+ "name": "eslint.detect-eval-with-expression",
638
+ "value": "eslint.detect-eval-with-expression"
639
+ },
640
+ {
641
+ "type": "semgrep_id",
642
+ "name": "eslint.detect-new-buffer",
643
+ "value": "eslint.detect-new-buffer"
644
+ },
645
+ {
646
+ "type": "semgrep_id",
647
+ "name": "eslint.detect-non-literal-fs-filename",
648
+ "value": "eslint.detect-non-literal-fs-filename"
649
+ },
650
+ {
651
+ "type": "semgrep_id",
652
+ "name": "eslint.detect-non-literal-regexp",
653
+ "value": "eslint.detect-non-literal-regexp"
654
+ },
655
+ {
656
+ "type": "semgrep_id",
657
+ "name": "eslint.detect-non-literal-require",
658
+ "value": "eslint.detect-non-literal-require"
659
+ },
660
+ {
661
+ "type": "semgrep_id",
662
+ "name": "eslint.detect-possible-timing-attacks",
663
+ "value": "eslint.detect-possible-timing-attacks"
664
+ },
665
+ {
666
+ "type": "semgrep_id",
667
+ "name": "eslint.detect-pseudoRandomBytes",
668
+ "value": "eslint.detect-pseudoRandomBytes"
669
+ },
670
+ {
671
+ "type": "semgrep_id",
672
+ "name": "eslint.react-dangerouslysetinnerhtml",
673
+ "value": "eslint.react-dangerouslysetinnerhtml"
674
+ },
675
+ {
676
+ "type": "semgrep_id",
677
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION-1",
678
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION-1"
679
+ },
680
+ {
681
+ "type": "semgrep_id",
682
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE-1",
683
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE-1"
684
+ },
685
+ {
686
+ "type": "semgrep_id",
687
+ "name": "find_sec_bugs.CIPHER_INTEGRITY-1",
688
+ "value": "find_sec_bugs.CIPHER_INTEGRITY-1"
689
+ },
690
+ {
691
+ "type": "semgrep_id",
692
+ "name": "find_sec_bugs.COMMAND_INJECTION-1",
693
+ "value": "find_sec_bugs.COMMAND_INJECTION-1"
694
+ },
695
+ {
696
+ "type": "semgrep_id",
697
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1",
698
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1"
699
+ },
700
+ {
701
+ "type": "semgrep_id",
702
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1",
703
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1"
704
+ },
705
+ {
706
+ "type": "semgrep_id",
707
+ "name": "find_sec_bugs.DEFAULT_HTTP_CLIENT-1",
708
+ "value": "find_sec_bugs.DEFAULT_HTTP_CLIENT-1"
709
+ },
710
+ {
711
+ "type": "semgrep_id",
712
+ "name": "find_sec_bugs.DES_USAGE-1",
713
+ "value": "find_sec_bugs.DES_USAGE-1"
714
+ },
715
+ {
716
+ "type": "semgrep_id",
717
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
718
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
719
+ },
720
+ {
721
+ "type": "semgrep_id",
722
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
723
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
724
+ },
725
+ {
726
+ "type": "semgrep_id",
727
+ "name": "find_sec_bugs.ECB_MODE-1",
728
+ "value": "find_sec_bugs.ECB_MODE-1"
729
+ },
730
+ {
731
+ "type": "semgrep_id",
732
+ "name": "find_sec_bugs.EL_INJECTION-1",
733
+ "value": "find_sec_bugs.EL_INJECTION-1"
734
+ },
735
+ {
736
+ "type": "semgrep_id",
737
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1",
738
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1"
739
+ },
740
+ {
741
+ "type": "semgrep_id",
742
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME-1",
743
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME-1"
744
+ },
745
+ {
746
+ "type": "semgrep_id",
747
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1",
748
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1"
749
+ },
750
+ {
751
+ "type": "semgrep_id",
752
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD-1",
753
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD-1"
754
+ },
755
+ {
756
+ "type": "semgrep_id",
757
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1",
758
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1"
759
+ },
760
+ {
761
+ "type": "semgrep_id",
762
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1",
763
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1"
764
+ },
765
+ {
766
+ "type": "semgrep_id",
767
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1",
768
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1"
769
+ },
770
+ {
771
+ "type": "semgrep_id",
772
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1",
773
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1"
774
+ },
775
+ {
776
+ "type": "semgrep_id",
777
+ "name": "find_sec_bugs.INSECURE_COOKIE-1",
778
+ "value": "find_sec_bugs.INSECURE_COOKIE-1"
779
+ },
780
+ {
781
+ "type": "semgrep_id",
782
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL-1",
783
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL-1"
784
+ },
785
+ {
786
+ "type": "semgrep_id",
787
+ "name": "find_sec_bugs.LDAP_ANONYMOUS-1",
788
+ "value": "find_sec_bugs.LDAP_ANONYMOUS-1"
789
+ },
790
+ {
791
+ "type": "semgrep_id",
792
+ "name": "find_sec_bugs.LDAP_INJECTION-1",
793
+ "value": "find_sec_bugs.LDAP_INJECTION-1"
794
+ },
795
+ {
796
+ "type": "semgrep_id",
797
+ "name": "find_sec_bugs.MALICIOUS_XSLT-1",
798
+ "value": "find_sec_bugs.MALICIOUS_XSLT-1"
799
+ },
800
+ {
801
+ "type": "semgrep_id",
802
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1",
803
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1"
804
+ },
805
+ {
806
+ "type": "semgrep_id",
807
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1",
808
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1"
809
+ },
810
+ {
811
+ "type": "semgrep_id",
812
+ "name": "find_sec_bugs.NULL_CIPHER-1",
813
+ "value": "find_sec_bugs.NULL_CIPHER-1"
814
+ },
815
+ {
816
+ "type": "semgrep_id",
817
+ "name": "find_sec_bugs.OGNL_INJECTION-1",
818
+ "value": "find_sec_bugs.OGNL_INJECTION-1"
819
+ },
820
+ {
821
+ "type": "semgrep_id",
822
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1",
823
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1"
824
+ },
825
+ {
826
+ "type": "semgrep_id",
827
+ "name": "find_sec_bugs.PADDING_ORACLE-1",
828
+ "value": "find_sec_bugs.PADDING_ORACLE-1"
829
+ },
830
+ {
831
+ "type": "semgrep_id",
832
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
833
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
834
+ },
835
+ {
836
+ "type": "semgrep_id",
837
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1",
838
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1"
839
+ },
840
+ {
841
+ "type": "semgrep_id",
842
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1",
843
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1"
844
+ },
845
+ {
846
+ "type": "semgrep_id",
847
+ "name": "find_sec_bugs.RSA_KEY_SIZE-1",
848
+ "value": "find_sec_bugs.RSA_KEY_SIZE-1"
849
+ },
850
+ {
851
+ "type": "semgrep_id",
852
+ "name": "find_sec_bugs.RSA_NO_PADDING-1",
853
+ "value": "find_sec_bugs.RSA_NO_PADDING-1"
854
+ },
855
+ {
856
+ "type": "semgrep_id",
857
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS-1",
858
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS-1"
859
+ },
860
+ {
861
+ "type": "semgrep_id",
862
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
863
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
864
+ },
865
+ {
866
+ "type": "semgrep_id",
867
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2",
868
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2"
869
+ },
870
+ {
871
+ "type": "semgrep_id",
872
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION-1",
873
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION-1"
874
+ },
875
+ {
876
+ "type": "semgrep_id",
877
+ "name": "find_sec_bugs.SPRING_FILE_DISCLOSURE-1",
878
+ "value": "find_sec_bugs.SPRING_FILE_DISCLOSURE-1"
879
+ },
880
+ {
881
+ "type": "semgrep_id",
882
+ "name": "find_sec_bugs.SSL_CONTEXT-1",
883
+ "value": "find_sec_bugs.SSL_CONTEXT-1"
884
+ },
885
+ {
886
+ "type": "semgrep_id",
887
+ "name": "find_sec_bugs.SSL_CONTEXT-2",
888
+ "value": "find_sec_bugs.SSL_CONTEXT-2"
889
+ },
890
+ {
891
+ "type": "semgrep_id",
892
+ "name": "find_sec_bugs.TDES_USAGE-1",
893
+ "value": "find_sec_bugs.TDES_USAGE-1"
894
+ },
895
+ {
896
+ "type": "semgrep_id",
897
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
898
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
899
+ },
900
+ {
901
+ "type": "semgrep_id",
902
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
903
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
904
+ },
905
+ {
906
+ "type": "semgrep_id",
907
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD-1",
908
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD-1"
909
+ },
910
+ {
911
+ "type": "semgrep_id",
912
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS-1",
913
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS-1"
914
+ },
915
+ {
916
+ "type": "semgrep_id",
917
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER",
918
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER"
919
+ },
920
+ {
921
+ "type": "semgrep_id",
922
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
923
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
924
+ },
925
+ {
926
+ "type": "semgrep_id",
927
+ "name": "find_sec_bugs.WEAK_TRUST_MANAGER",
928
+ "value": "find_sec_bugs.WEAK_TRUST_MANAGER"
929
+ },
930
+ {
931
+ "type": "semgrep_id",
932
+ "name": "find_sec_bugs.WICKET_XSS1-1",
933
+ "value": "find_sec_bugs.WICKET_XSS1-1"
934
+ },
935
+ {
936
+ "type": "semgrep_id",
937
+ "name": "find_sec_bugs.XML_DECODER-1",
938
+ "value": "find_sec_bugs.XML_DECODER-1"
939
+ },
940
+ {
941
+ "type": "semgrep_id",
942
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1",
943
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1"
944
+ },
945
+ {
946
+ "type": "semgrep_id",
947
+ "name": "find_sec_bugs.XXE_XMLREADER-1",
948
+ "value": "find_sec_bugs.XXE_XMLREADER-1"
949
+ },
950
+ {
951
+ "type": "semgrep_id",
952
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION-1",
953
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION-1"
954
+ },
955
+ {
956
+ "type": "semgrep_id",
957
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE-1",
958
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE-1"
959
+ },
960
+ {
961
+ "type": "semgrep_id",
962
+ "name": "find_sec_bugs.CIPHER_INTEGRITY-1",
963
+ "value": "find_sec_bugs.CIPHER_INTEGRITY-1"
964
+ },
965
+ {
966
+ "type": "semgrep_id",
967
+ "name": "find_sec_bugs.COMMAND_INJECTION-1",
968
+ "value": "find_sec_bugs.COMMAND_INJECTION-1"
969
+ },
970
+ {
971
+ "type": "semgrep_id",
972
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1",
973
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1"
974
+ },
975
+ {
976
+ "type": "semgrep_id",
977
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1",
978
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1"
979
+ },
980
+ {
981
+ "type": "semgrep_id",
982
+ "name": "find_sec_bugs.DES_USAGE-1",
983
+ "value": "find_sec_bugs.DES_USAGE-1"
984
+ },
985
+ {
986
+ "type": "semgrep_id",
987
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
988
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
989
+ },
990
+ {
991
+ "type": "semgrep_id",
992
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
993
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
994
+ },
995
+ {
996
+ "type": "semgrep_id",
997
+ "name": "find_sec_bugs.ECB_MODE-1",
998
+ "value": "find_sec_bugs.ECB_MODE-1"
999
+ },
1000
+ {
1001
+ "type": "semgrep_id",
1002
+ "name": "find_sec_bugs.EL_INJECTION-1",
1003
+ "value": "find_sec_bugs.EL_INJECTION-1"
1004
+ },
1005
+ {
1006
+ "type": "semgrep_id",
1007
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1",
1008
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1"
1009
+ },
1010
+ {
1011
+ "type": "semgrep_id",
1012
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME-1",
1013
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME-1"
1014
+ },
1015
+ {
1016
+ "type": "semgrep_id",
1017
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1",
1018
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1"
1019
+ },
1020
+ {
1021
+ "type": "semgrep_id",
1022
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD-1",
1023
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD-1"
1024
+ },
1025
+ {
1026
+ "type": "semgrep_id",
1027
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1",
1028
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1"
1029
+ },
1030
+ {
1031
+ "type": "semgrep_id",
1032
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1",
1033
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1"
1034
+ },
1035
+ {
1036
+ "type": "semgrep_id",
1037
+ "name": "find_sec_bugs.HTTPONLY_COOKIE-1",
1038
+ "value": "find_sec_bugs.HTTPONLY_COOKIE-1"
1039
+ },
1040
+ {
1041
+ "type": "semgrep_id",
1042
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1",
1043
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1"
1044
+ },
1045
+ {
1046
+ "type": "semgrep_id",
1047
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1",
1048
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1"
1049
+ },
1050
+ {
1051
+ "type": "semgrep_id",
1052
+ "name": "find_sec_bugs.INSECURE_COOKIE-1",
1053
+ "value": "find_sec_bugs.INSECURE_COOKIE-1"
1054
+ },
1055
+ {
1056
+ "type": "semgrep_id",
1057
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL-1",
1058
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL-1"
1059
+ },
1060
+ {
1061
+ "type": "semgrep_id",
1062
+ "name": "find_sec_bugs.LDAP_ANONYMOUS-1",
1063
+ "value": "find_sec_bugs.LDAP_ANONYMOUS-1"
1064
+ },
1065
+ {
1066
+ "type": "semgrep_id",
1067
+ "name": "find_sec_bugs.LDAP_INJECTION-1",
1068
+ "value": "find_sec_bugs.LDAP_INJECTION-1"
1069
+ },
1070
+ {
1071
+ "type": "semgrep_id",
1072
+ "name": "find_sec_bugs.MALICIOUS_XSLT-1",
1073
+ "value": "find_sec_bugs.MALICIOUS_XSLT-1"
1074
+ },
1075
+ {
1076
+ "type": "semgrep_id",
1077
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1",
1078
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1"
1079
+ },
1080
+ {
1081
+ "type": "semgrep_id",
1082
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1",
1083
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1"
1084
+ },
1085
+ {
1086
+ "type": "semgrep_id",
1087
+ "name": "find_sec_bugs.NULL_CIPHER-1",
1088
+ "value": "find_sec_bugs.NULL_CIPHER-1"
1089
+ },
1090
+ {
1091
+ "type": "semgrep_id",
1092
+ "name": "find_sec_bugs.OGNL_INJECTION-1",
1093
+ "value": "find_sec_bugs.OGNL_INJECTION-1"
1094
+ },
1095
+ {
1096
+ "type": "semgrep_id",
1097
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1",
1098
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1"
1099
+ },
1100
+ {
1101
+ "type": "semgrep_id",
1102
+ "name": "find_sec_bugs.PADDING_ORACLE-1",
1103
+ "value": "find_sec_bugs.PADDING_ORACLE-1"
1104
+ },
1105
+ {
1106
+ "type": "semgrep_id",
1107
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
1108
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
1109
+ },
1110
+ {
1111
+ "type": "semgrep_id",
1112
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1",
1113
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1"
1114
+ },
1115
+ {
1116
+ "type": "semgrep_id",
1117
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1",
1118
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1"
1119
+ },
1120
+ {
1121
+ "type": "semgrep_id",
1122
+ "name": "find_sec_bugs.RSA_KEY_SIZE-1",
1123
+ "value": "find_sec_bugs.RSA_KEY_SIZE-1"
1124
+ },
1125
+ {
1126
+ "type": "semgrep_id",
1127
+ "name": "find_sec_bugs.RSA_NO_PADDING-1",
1128
+ "value": "find_sec_bugs.RSA_NO_PADDING-1"
1129
+ },
1130
+ {
1131
+ "type": "semgrep_id",
1132
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS-1",
1133
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS-1"
1134
+ },
1135
+ {
1136
+ "type": "semgrep_id",
1137
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
1138
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
1139
+ },
1140
+ {
1141
+ "type": "semgrep_id",
1142
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION-1",
1143
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION-1"
1144
+ },
1145
+ {
1146
+ "type": "semgrep_id",
1147
+ "name": "find_sec_bugs.SPRING_CSRF_PROTECTION_DISABLED-1",
1148
+ "value": "find_sec_bugs.SPRING_CSRF_PROTECTION_DISABLED-1"
1149
+ },
1150
+ {
1151
+ "type": "semgrep_id",
1152
+ "name": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SQL_INJECTION-1.SQL_INJECTION_HIBERNATE-1.SQL_INJECTION_VERTX-1.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING-1",
1153
+ "value": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SQL_INJECTION-1.SQL_INJECTION_HIBERNATE-1.SQL_INJECTION_VERTX-1.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING-1"
1154
+ },
1155
+ {
1156
+ "type": "semgrep_id",
1157
+ "name": "find_sec_bugs.SSL_CONTEXT-1",
1158
+ "value": "find_sec_bugs.SSL_CONTEXT-1"
1159
+ },
1160
+ {
1161
+ "type": "semgrep_id",
1162
+ "name": "find_sec_bugs.SSL_CONTEXT-2",
1163
+ "value": "find_sec_bugs.SSL_CONTEXT-2"
1164
+ },
1165
+ {
1166
+ "type": "semgrep_id",
1167
+ "name": "find_sec_bugs.TDES_USAGE-1",
1168
+ "value": "find_sec_bugs.TDES_USAGE-1"
1169
+ },
1170
+ {
1171
+ "type": "semgrep_id",
1172
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
1173
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
1174
+ },
1175
+ {
1176
+ "type": "semgrep_id",
1177
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
1178
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
1179
+ },
1180
+ {
1181
+ "type": "semgrep_id",
1182
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD-1",
1183
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD-1"
1184
+ },
1185
+ {
1186
+ "type": "semgrep_id",
1187
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS-1",
1188
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS-1"
1189
+ },
1190
+ {
1191
+ "type": "semgrep_id",
1192
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1",
1193
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1"
1194
+ },
1195
+ {
1196
+ "type": "semgrep_id",
1197
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
1198
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
1199
+ },
1200
+ {
1201
+ "type": "semgrep_id",
1202
+ "name": "find_sec_bugs.WICKET_XSS1-1",
1203
+ "value": "find_sec_bugs.WICKET_XSS1-1"
1204
+ },
1205
+ {
1206
+ "type": "semgrep_id",
1207
+ "name": "find_sec_bugs.XML_DECODER-1",
1208
+ "value": "find_sec_bugs.XML_DECODER-1"
1209
+ },
1210
+ {
1211
+ "type": "semgrep_id",
1212
+ "name": "find_sec_bugs.XPATH_INJECTION-1",
1213
+ "value": "find_sec_bugs.XPATH_INJECTION-1"
1214
+ },
1215
+ {
1216
+ "type": "semgrep_id",
1217
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1",
1218
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1"
1219
+ },
1220
+ {
1221
+ "type": "semgrep_id",
1222
+ "name": "find_sec_bugs.XXE_SAXPARSER-1",
1223
+ "value": "find_sec_bugs.XXE_SAXPARSER-1"
1224
+ },
1225
+ {
1226
+ "type": "semgrep_id",
1227
+ "name": "find_sec_bugs.XXE_XMLREADER-1",
1228
+ "value": "find_sec_bugs.XXE_XMLREADER-1"
1229
+ },
1230
+ {
1231
+ "type": "semgrep_id",
1232
+ "name": "find_sec_bugs.XXE_XMLSTREAMREADER-1",
1233
+ "value": "find_sec_bugs.XXE_XMLSTREAMREADER-1"
1234
+ },
1235
+ {
1236
+ "type": "semgrep_id",
1237
+ "name": "find_sec_bugs.AWS_QUERY_INJECTION",
1238
+ "value": "find_sec_bugs.AWS_QUERY_INJECTION"
1239
+ },
1240
+ {
1241
+ "type": "semgrep_id",
1242
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION",
1243
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION"
1244
+ },
1245
+ {
1246
+ "type": "semgrep_id",
1247
+ "name": "find_sec_bugs.BEAN_PROPERTY_INJECTION",
1248
+ "value": "find_sec_bugs.BEAN_PROPERTY_INJECTION"
1249
+ },
1250
+ {
1251
+ "type": "semgrep_id",
1252
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE",
1253
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE"
1254
+ },
1255
+ {
1256
+ "type": "semgrep_id",
1257
+ "name": "find_sec_bugs.CIPHER_INTEGRITY",
1258
+ "value": "find_sec_bugs.CIPHER_INTEGRITY"
1259
+ },
1260
+ {
1261
+ "type": "semgrep_id",
1262
+ "name": "find_sec_bugs.COMMAND_INJECTION-1.SCALA_COMMAND_INJECTION-1",
1263
+ "value": "find_sec_bugs.COMMAND_INJECTION-1.SCALA_COMMAND_INJECTION-1"
1264
+ },
1265
+ {
1266
+ "type": "semgrep_id",
1267
+ "name": "find_sec_bugs.COOKIE_PERSISTENT",
1268
+ "value": "find_sec_bugs.COOKIE_PERSISTENT"
1269
+ },
1270
+ {
1271
+ "type": "semgrep_id",
1272
+ "name": "find_sec_bugs.COOKIE_USAGE",
1273
+ "value": "find_sec_bugs.COOKIE_USAGE"
1274
+ },
1275
+ {
1276
+ "type": "semgrep_id",
1277
+ "name": "find_sec_bugs.CRLF_INJECTION_LOGS",
1278
+ "value": "find_sec_bugs.CRLF_INJECTION_LOGS"
1279
+ },
1280
+ {
1281
+ "type": "semgrep_id",
1282
+ "name": "find_sec_bugs.CUSTOM_INJECTION",
1283
+ "value": "find_sec_bugs.CUSTOM_INJECTION"
1284
+ },
1285
+ {
1286
+ "type": "semgrep_id",
1287
+ "name": "find_sec_bugs.CUSTOM_INJECTION-2",
1288
+ "value": "find_sec_bugs.CUSTOM_INJECTION-2"
1289
+ },
1290
+ {
1291
+ "type": "semgrep_id",
1292
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST",
1293
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST"
1294
+ },
1295
+ {
1296
+ "type": "semgrep_id",
1297
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION",
1298
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION"
1299
+ },
1300
+ {
1301
+ "type": "semgrep_id",
1302
+ "name": "find_sec_bugs.DEFAULT_HTTP_CLIENT",
1303
+ "value": "find_sec_bugs.DEFAULT_HTTP_CLIENT"
1304
+ },
1305
+ {
1306
+ "type": "semgrep_id",
1307
+ "name": "find_sec_bugs.DES_USAGE",
1308
+ "value": "find_sec_bugs.DES_USAGE"
1309
+ },
1310
+ {
1311
+ "type": "semgrep_id",
1312
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
1313
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
1314
+ },
1315
+ {
1316
+ "type": "semgrep_id",
1317
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
1318
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
1319
+ },
1320
+ {
1321
+ "type": "semgrep_id",
1322
+ "name": "find_sec_bugs.ECB_MODE",
1323
+ "value": "find_sec_bugs.ECB_MODE"
1324
+ },
1325
+ {
1326
+ "type": "semgrep_id",
1327
+ "name": "find_sec_bugs.EL_INJECTION",
1328
+ "value": "find_sec_bugs.EL_INJECTION"
1329
+ },
1330
+ {
1331
+ "type": "semgrep_id",
1332
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL",
1333
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL"
1334
+ },
1335
+ {
1336
+ "type": "semgrep_id",
1337
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME",
1338
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME"
1339
+ },
1340
+ {
1341
+ "type": "semgrep_id",
1342
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION",
1343
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION"
1344
+ },
1345
+ {
1346
+ "type": "semgrep_id",
1347
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD",
1348
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD"
1349
+ },
1350
+ {
1351
+ "type": "semgrep_id",
1352
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION",
1353
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION"
1354
+ },
1355
+ {
1356
+ "type": "semgrep_id",
1357
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_COOKIE",
1358
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_COOKIE"
1359
+ },
1360
+ {
1361
+ "type": "semgrep_id",
1362
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER",
1363
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"
1364
+ },
1365
+ {
1366
+ "type": "semgrep_id",
1367
+ "name": "find_sec_bugs.HTTPONLY_COOKIE",
1368
+ "value": "find_sec_bugs.HTTPONLY_COOKIE"
1369
+ },
1370
+ {
1371
+ "type": "semgrep_id",
1372
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION",
1373
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION"
1374
+ },
1375
+ {
1376
+ "type": "semgrep_id",
1377
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING",
1378
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING"
1379
+ },
1380
+ {
1381
+ "type": "semgrep_id",
1382
+ "name": "find_sec_bugs.IMPROPER_UNICODE",
1383
+ "value": "find_sec_bugs.IMPROPER_UNICODE"
1384
+ },
1385
+ {
1386
+ "type": "semgrep_id",
1387
+ "name": "find_sec_bugs.INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE",
1388
+ "value": "find_sec_bugs.INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE"
1389
+ },
1390
+ {
1391
+ "type": "semgrep_id",
1392
+ "name": "find_sec_bugs.INSECURE_COOKIE",
1393
+ "value": "find_sec_bugs.INSECURE_COOKIE"
1394
+ },
1395
+ {
1396
+ "type": "semgrep_id",
1397
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL",
1398
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL"
1399
+ },
1400
+ {
1401
+ "type": "semgrep_id",
1402
+ "name": "find_sec_bugs.JAXRS_ENDPOINT",
1403
+ "value": "find_sec_bugs.JAXRS_ENDPOINT"
1404
+ },
1405
+ {
1406
+ "type": "semgrep_id",
1407
+ "name": "find_sec_bugs.JAXWS_ENDPOINT",
1408
+ "value": "find_sec_bugs.JAXWS_ENDPOINT"
1409
+ },
1410
+ {
1411
+ "type": "semgrep_id",
1412
+ "name": "find_sec_bugs.LDAP_ANONYMOUS",
1413
+ "value": "find_sec_bugs.LDAP_ANONYMOUS"
1414
+ },
1415
+ {
1416
+ "type": "semgrep_id",
1417
+ "name": "find_sec_bugs.LDAP_ENTRY_POISONING",
1418
+ "value": "find_sec_bugs.LDAP_ENTRY_POISONING"
1419
+ },
1420
+ {
1421
+ "type": "semgrep_id",
1422
+ "name": "find_sec_bugs.LDAP_INJECTION",
1423
+ "value": "find_sec_bugs.LDAP_INJECTION"
1424
+ },
1425
+ {
1426
+ "type": "semgrep_id",
1427
+ "name": "find_sec_bugs.MALICIOUS_XSLT",
1428
+ "value": "find_sec_bugs.MALICIOUS_XSLT"
1429
+ },
1430
+ {
1431
+ "type": "semgrep_id",
1432
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION",
1433
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION"
1434
+ },
1435
+ {
1436
+ "type": "semgrep_id",
1437
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION",
1438
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION"
1439
+ },
1440
+ {
1441
+ "type": "semgrep_id",
1442
+ "name": "find_sec_bugs.NULL_CIPHER",
1443
+ "value": "find_sec_bugs.NULL_CIPHER"
1444
+ },
1445
+ {
1446
+ "type": "semgrep_id",
1447
+ "name": "find_sec_bugs.OGNL_INJECTION",
1448
+ "value": "find_sec_bugs.OGNL_INJECTION"
1449
+ },
1450
+ {
1451
+ "type": "semgrep_id",
1452
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION",
1453
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION"
1454
+ },
1455
+ {
1456
+ "type": "semgrep_id",
1457
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-2",
1458
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-2"
1459
+ },
1460
+ {
1461
+ "type": "semgrep_id",
1462
+ "name": "find_sec_bugs.PADDING_ORACLE",
1463
+ "value": "find_sec_bugs.PADDING_ORACLE"
1464
+ },
1465
+ {
1466
+ "type": "semgrep_id",
1467
+ "name": "find_sec_bugs.PATH_TRAVERSAL_IN-1.SCALA_PATH_TRAVERSAL_IN-1",
1468
+ "value": "find_sec_bugs.PATH_TRAVERSAL_IN-1.SCALA_PATH_TRAVERSAL_IN-1"
1469
+ },
1470
+ {
1471
+ "type": "semgrep_id",
1472
+ "name": "find_sec_bugs.PATH_TRAVERSAL_OUT",
1473
+ "value": "find_sec_bugs.PATH_TRAVERSAL_OUT"
1474
+ },
1475
+ {
1476
+ "type": "semgrep_id",
1477
+ "name": "find_sec_bugs.PERMISSIVE_CORS",
1478
+ "value": "find_sec_bugs.PERMISSIVE_CORS"
1479
+ },
1480
+ {
1481
+ "type": "semgrep_id",
1482
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
1483
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
1484
+ },
1485
+ {
1486
+ "type": "semgrep_id",
1487
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL",
1488
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL"
1489
+ },
1490
+ {
1491
+ "type": "semgrep_id",
1492
+ "name": "find_sec_bugs.PT_RELATIVE_PATH_TRAVERSAL",
1493
+ "value": "find_sec_bugs.PT_RELATIVE_PATH_TRAVERSAL"
1494
+ },
1495
+ {
1496
+ "type": "semgrep_id",
1497
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1",
1498
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1"
1499
+ },
1500
+ {
1501
+ "type": "semgrep_id",
1502
+ "name": "find_sec_bugs.RPC_ENABLED_EXTENSIONS",
1503
+ "value": "find_sec_bugs.RPC_ENABLED_EXTENSIONS"
1504
+ },
1505
+ {
1506
+ "type": "semgrep_id",
1507
+ "name": "find_sec_bugs.RSA_KEY_SIZE",
1508
+ "value": "find_sec_bugs.RSA_KEY_SIZE"
1509
+ },
1510
+ {
1511
+ "type": "semgrep_id",
1512
+ "name": "find_sec_bugs.RSA_NO_PADDING",
1513
+ "value": "find_sec_bugs.RSA_NO_PADDING"
1514
+ },
1515
+ {
1516
+ "type": "semgrep_id",
1517
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS",
1518
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS"
1519
+ },
1520
+ {
1521
+ "type": "semgrep_id",
1522
+ "name": "find_sec_bugs.SCALA_PLAY_SSRF",
1523
+ "value": "find_sec_bugs.SCALA_PLAY_SSRF"
1524
+ },
1525
+ {
1526
+ "type": "semgrep_id",
1527
+ "name": "find_sec_bugs.SCALA_SENSITIVE_DATA_EXPOSURE",
1528
+ "value": "find_sec_bugs.SCALA_SENSITIVE_DATA_EXPOSURE"
1529
+ },
1530
+ {
1531
+ "type": "semgrep_id",
1532
+ "name": "find_sec_bugs.SCALA_XSS_MVC_API",
1533
+ "value": "find_sec_bugs.SCALA_XSS_MVC_API"
1534
+ },
1535
+ {
1536
+ "type": "semgrep_id",
1537
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
1538
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
1539
+ },
1540
+ {
1541
+ "type": "semgrep_id",
1542
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2",
1543
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2"
1544
+ },
1545
+ {
1546
+ "type": "semgrep_id",
1547
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION",
1548
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION"
1549
+ },
1550
+ {
1551
+ "type": "semgrep_id",
1552
+ "name": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SCALA_SQL_INJECTION_SLICK-1",
1553
+ "value": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SCALA_SQL_INJECTION_SLICK-1"
1554
+ },
1555
+ {
1556
+ "type": "semgrep_id",
1557
+ "name": "find_sec_bugs.SSL_CONTEXT",
1558
+ "value": "find_sec_bugs.SSL_CONTEXT"
1559
+ },
1560
+ {
1561
+ "type": "semgrep_id",
1562
+ "name": "find_sec_bugs.STRUTS_FORM_VALIDATION",
1563
+ "value": "find_sec_bugs.STRUTS_FORM_VALIDATION"
1564
+ },
1565
+ {
1566
+ "type": "semgrep_id",
1567
+ "name": "find_sec_bugs.TDES_USAGE",
1568
+ "value": "find_sec_bugs.TDES_USAGE"
1569
+ },
1570
+ {
1571
+ "type": "semgrep_id",
1572
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
1573
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
1574
+ },
1575
+ {
1576
+ "type": "semgrep_id",
1577
+ "name": "find_sec_bugs.TRUST_BOUNDARY_VIOLATION",
1578
+ "value": "find_sec_bugs.TRUST_BOUNDARY_VIOLATION"
1579
+ },
1580
+ {
1581
+ "type": "semgrep_id",
1582
+ "name": "find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1",
1583
+ "value": "find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1"
1584
+ },
1585
+ {
1586
+ "type": "semgrep_id",
1587
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
1588
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
1589
+ },
1590
+ {
1591
+ "type": "semgrep_id",
1592
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD",
1593
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD"
1594
+ },
1595
+ {
1596
+ "type": "semgrep_id",
1597
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS",
1598
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS"
1599
+ },
1600
+ {
1601
+ "type": "semgrep_id",
1602
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1",
1603
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1"
1604
+ },
1605
+ {
1606
+ "type": "semgrep_id",
1607
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
1608
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
1609
+ },
1610
+ {
1611
+ "type": "semgrep_id",
1612
+ "name": "find_sec_bugs.WICKET_XSS1",
1613
+ "value": "find_sec_bugs.WICKET_XSS1"
1614
+ },
1615
+ {
1616
+ "type": "semgrep_id",
1617
+ "name": "find_sec_bugs.XML_DECODER",
1618
+ "value": "find_sec_bugs.XML_DECODER"
1619
+ },
1620
+ {
1621
+ "type": "semgrep_id",
1622
+ "name": "find_sec_bugs.XPATH_INJECTION",
1623
+ "value": "find_sec_bugs.XPATH_INJECTION"
1624
+ },
1625
+ {
1626
+ "type": "semgrep_id",
1627
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER",
1628
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"
1629
+ },
1630
+ {
1631
+ "type": "semgrep_id",
1632
+ "name": "find_sec_bugs.XSS_REQUEST_WRAPPER",
1633
+ "value": "find_sec_bugs.XSS_REQUEST_WRAPPER"
1634
+ },
1635
+ {
1636
+ "type": "semgrep_id",
1637
+ "name": "find_sec_bugs.XSS_SERVLET",
1638
+ "value": "find_sec_bugs.XSS_SERVLET"
1639
+ },
1640
+ {
1641
+ "type": "semgrep_id",
1642
+ "name": "find_sec_bugs.XXE_DOCUMENT",
1643
+ "value": "find_sec_bugs.XXE_DOCUMENT"
1644
+ },
1645
+ {
1646
+ "type": "semgrep_id",
1647
+ "name": "find_sec_bugs.XXE_DTD_TRANSFORM_FACTORY-1.XXE_XSLT_TRANSFORM_FACTORY-1",
1648
+ "value": "find_sec_bugs.XXE_DTD_TRANSFORM_FACTORY-1.XXE_XSLT_TRANSFORM_FACTORY-1"
1649
+ },
1650
+ {
1651
+ "type": "semgrep_id",
1652
+ "name": "find_sec_bugs.XXE_SAXPARSER",
1653
+ "value": "find_sec_bugs.XXE_SAXPARSER"
1654
+ },
1655
+ {
1656
+ "type": "semgrep_id",
1657
+ "name": "find_sec_bugs.XXE_XMLREADER",
1658
+ "value": "find_sec_bugs.XXE_XMLREADER"
1659
+ },
1660
+ {
1661
+ "type": "semgrep_id",
1662
+ "name": "find_sec_bugs.XXE_XMLSTREAMREADER",
1663
+ "value": "find_sec_bugs.XXE_XMLSTREAMREADER"
1664
+ },
1665
+ {
1666
+ "type": "semgrep_id",
1667
+ "name": "find_sec_bugs.XXE_XPATH",
1668
+ "value": "find_sec_bugs.XXE_XPATH"
1669
+ },
1670
+ {
1671
+ "type": "semgrep_id",
1672
+ "name": "flawfinder.AddAccessAllowedAce-1",
1673
+ "value": "flawfinder.AddAccessAllowedAce-1"
1674
+ },
1675
+ {
1676
+ "type": "semgrep_id",
1677
+ "name": "flawfinder.CreateProcess-1",
1678
+ "value": "flawfinder.CreateProcess-1"
1679
+ },
1680
+ {
1681
+ "type": "semgrep_id",
1682
+ "name": "flawfinder.CreateProcessAsUser-1.CreateProcessWithLogon-1",
1683
+ "value": "flawfinder.CreateProcessAsUser-1.CreateProcessWithLogon-1"
1684
+ },
1685
+ {
1686
+ "type": "semgrep_id",
1687
+ "name": "flawfinder.EVP_des_ecb-1.EVP_des_cbc-1.EVP_des_cfb-1.EVP_des_ofb-1.EVP_desx_cbc-1",
1688
+ "value": "flawfinder.EVP_des_ecb-1.EVP_des_cbc-1.EVP_des_cfb-1.EVP_des_ofb-1.EVP_desx_cbc-1"
1689
+ },
1690
+ {
1691
+ "type": "semgrep_id",
1692
+ "name": "flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1",
1693
+ "value": "flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1"
1694
+ },
1695
+ {
1696
+ "type": "semgrep_id",
1697
+ "name": "flawfinder.GetTempFileName-1",
1698
+ "value": "flawfinder.GetTempFileName-1"
1699
+ },
1700
+ {
1701
+ "type": "semgrep_id",
1702
+ "name": "flawfinder.LoadLibrary-1",
1703
+ "value": "flawfinder.LoadLibrary-1"
1704
+ },
1705
+ {
1706
+ "type": "semgrep_id",
1707
+ "name": "flawfinder.LoadLibraryEx-1",
1708
+ "value": "flawfinder.LoadLibraryEx-1"
1709
+ },
1710
+ {
1711
+ "type": "semgrep_id",
1712
+ "name": "flawfinder.MultiByteToWideChar-1",
1713
+ "value": "flawfinder.MultiByteToWideChar-1"
1714
+ },
1715
+ {
1716
+ "type": "semgrep_id",
1717
+ "name": "flawfinder.RpcImpersonateClient-1.ImpersonateLoggedOnUser-1.CoImpersonateClient-1.ImpersonateNamedPipeClient-1.ImpersonateDdeClientWindow-1.ImpersonateSecurityContext-1.SetThreadToken-1",
1718
+ "value": "flawfinder.RpcImpersonateClient-1.ImpersonateLoggedOnUser-1.CoImpersonateClient-1.ImpersonateNamedPipeClient-1.ImpersonateDdeClientWindow-1.ImpersonateSecurityContext-1.SetThreadToken-1"
1719
+ },
1720
+ {
1721
+ "type": "semgrep_id",
1722
+ "name": "flawfinder.SetSecurityDescriptorDacl-1",
1723
+ "value": "flawfinder.SetSecurityDescriptorDacl-1"
1724
+ },
1725
+ {
1726
+ "type": "semgrep_id",
1727
+ "name": "flawfinder.StrCat-1.StrCatA-1.StrcatW-1.lstrcatA-1.lstrcatW-1.strCatBuff-1.StrCatBuffA-1.StrCatBuffW-1.StrCatChainW-1._tccat-1._mbccat-1._ftcscat-1.StrCatN-1.StrCatNA-1.StrCatNW-1.StrNCat-1.StrNCatA-1.StrNCatW-1.lstrncat-1.lstrcatnA-1.lstrcatnW-1",
1728
+ "value": "flawfinder.StrCat-1.StrCatA-1.StrcatW-1.lstrcatA-1.lstrcatW-1.strCatBuff-1.StrCatBuffA-1.StrCatBuffW-1.StrCatChainW-1._tccat-1._mbccat-1._ftcscat-1.StrCatN-1.StrCatNA-1.StrCatNW-1.StrNCat-1.StrNCatA-1.StrNCatW-1.lstrncat-1.lstrcatnA-1.lstrcatnW-1"
1729
+ },
1730
+ {
1731
+ "type": "semgrep_id",
1732
+ "name": "flawfinder.access-1",
1733
+ "value": "flawfinder.access-1"
1734
+ },
1735
+ {
1736
+ "type": "semgrep_id",
1737
+ "name": "flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1",
1738
+ "value": "flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1"
1739
+ },
1740
+ {
1741
+ "type": "semgrep_id",
1742
+ "name": "flawfinder.chmod-1",
1743
+ "value": "flawfinder.chmod-1"
1744
+ },
1745
+ {
1746
+ "type": "semgrep_id",
1747
+ "name": "flawfinder.chown-1",
1748
+ "value": "flawfinder.chown-1"
1749
+ },
1750
+ {
1751
+ "type": "semgrep_id",
1752
+ "name": "flawfinder.crypt-1.crypt_r-1",
1753
+ "value": "flawfinder.crypt-1.crypt_r-1"
1754
+ },
1755
+ {
1756
+ "type": "semgrep_id",
1757
+ "name": "flawfinder.cuserid-1",
1758
+ "value": "flawfinder.cuserid-1"
1759
+ },
1760
+ {
1761
+ "type": "semgrep_id",
1762
+ "name": "flawfinder.drand48-1.erand48-1.jrand48-1.lcong48-1.lrand48-1.mrand48-1.nrand48-1.random-1.seed48-1.setstate-1.srand-1.strfry-1.srandom-1.g_rand_boolean-1.g_rand_int-1.g_rand_int_range-1.g_rand_double-1.g_rand_double_range-1.g_random_boolean-1.g_random_int-1.g_random_int_range-1.g_random_double-1.g_random_double_range-1",
1763
+ "value": "flawfinder.drand48-1.erand48-1.jrand48-1.lcong48-1.lrand48-1.mrand48-1.nrand48-1.random-1.seed48-1.setstate-1.srand-1.strfry-1.srandom-1.g_rand_boolean-1.g_rand_int-1.g_rand_int_range-1.g_rand_double-1.g_rand_double_range-1.g_random_boolean-1.g_random_int-1.g_random_int_range-1.g_random_double-1.g_random_double_range-1"
1764
+ },
1765
+ {
1766
+ "type": "semgrep_id",
1767
+ "name": "flawfinder.execl-1.execlp-1.execle-1.execv-1.execvp-1.popen-1.WinExec-1.ShellExecute-1",
1768
+ "value": "flawfinder.execl-1.execlp-1.execle-1.execv-1.execvp-1.popen-1.WinExec-1.ShellExecute-1"
1769
+ },
1770
+ {
1771
+ "type": "semgrep_id",
1772
+ "name": "flawfinder.fopen-1.open-1",
1773
+ "value": "flawfinder.fopen-1.open-1"
1774
+ },
1775
+ {
1776
+ "type": "semgrep_id",
1777
+ "name": "flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1",
1778
+ "value": "flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1"
1779
+ },
1780
+ {
1781
+ "type": "semgrep_id",
1782
+ "name": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1",
1783
+ "value": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1"
1784
+ },
1785
+ {
1786
+ "type": "semgrep_id",
1787
+ "name": "flawfinder.g_get_home_dir-1",
1788
+ "value": "flawfinder.g_get_home_dir-1"
1789
+ },
1790
+ {
1791
+ "type": "semgrep_id",
1792
+ "name": "flawfinder.g_get_tmp_dir-1",
1793
+ "value": "flawfinder.g_get_tmp_dir-1"
1794
+ },
1795
+ {
1796
+ "type": "semgrep_id",
1797
+ "name": "flawfinder.getenv-1.curl_getenv-1",
1798
+ "value": "flawfinder.getenv-1.curl_getenv-1"
1799
+ },
1800
+ {
1801
+ "type": "semgrep_id",
1802
+ "name": "flawfinder.getlogin-1",
1803
+ "value": "flawfinder.getlogin-1"
1804
+ },
1805
+ {
1806
+ "type": "semgrep_id",
1807
+ "name": "flawfinder.getpass-1",
1808
+ "value": "flawfinder.getpass-1"
1809
+ },
1810
+ {
1811
+ "type": "semgrep_id",
1812
+ "name": "flawfinder.gets-1._getts-1",
1813
+ "value": "flawfinder.gets-1._getts-1"
1814
+ },
1815
+ {
1816
+ "type": "semgrep_id",
1817
+ "name": "flawfinder.getwd-1",
1818
+ "value": "flawfinder.getwd-1"
1819
+ },
1820
+ {
1821
+ "type": "semgrep_id",
1822
+ "name": "flawfinder.gsignal-1.ssignal-1",
1823
+ "value": "flawfinder.gsignal-1.ssignal-1"
1824
+ },
1825
+ {
1826
+ "type": "semgrep_id",
1827
+ "name": "flawfinder.lstrcat-1.wcscat-1._tcscat-1._mbscat-1",
1828
+ "value": "flawfinder.lstrcat-1.wcscat-1._tcscat-1._mbscat-1"
1829
+ },
1830
+ {
1831
+ "type": "semgrep_id",
1832
+ "name": "flawfinder.lstrcatn-1.wcsncat-1._tcsncat-1._mbsnbcat-1",
1833
+ "value": "flawfinder.lstrcatn-1.wcsncat-1._tcsncat-1._mbsnbcat-1"
1834
+ },
1835
+ {
1836
+ "type": "semgrep_id",
1837
+ "name": "flawfinder.lstrcpy-1.wcscpy-1._tcscpy-1._mbscpy-1",
1838
+ "value": "flawfinder.lstrcpy-1.wcscpy-1._tcscpy-1._mbscpy-1"
1839
+ },
1840
+ {
1841
+ "type": "semgrep_id",
1842
+ "name": "flawfinder.lstrcpyn-1.wcsncpy-1._tcsncpy-1._mbsnbcpy-1",
1843
+ "value": "flawfinder.lstrcpyn-1.wcsncpy-1._tcsncpy-1._mbsnbcpy-1"
1844
+ },
1845
+ {
1846
+ "type": "semgrep_id",
1847
+ "name": "flawfinder.memalign-1",
1848
+ "value": "flawfinder.memalign-1"
1849
+ },
1850
+ {
1851
+ "type": "semgrep_id",
1852
+ "name": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1",
1853
+ "value": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1"
1854
+ },
1855
+ {
1856
+ "type": "semgrep_id",
1857
+ "name": "flawfinder.mkstemp-1",
1858
+ "value": "flawfinder.mkstemp-1"
1859
+ },
1860
+ {
1861
+ "type": "semgrep_id",
1862
+ "name": "flawfinder.mktemp-1",
1863
+ "value": "flawfinder.mktemp-1"
1864
+ },
1865
+ {
1866
+ "type": "semgrep_id",
1867
+ "name": "flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1",
1868
+ "value": "flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1"
1869
+ },
1870
+ {
1871
+ "type": "semgrep_id",
1872
+ "name": "flawfinder.readlink-1",
1873
+ "value": "flawfinder.readlink-1"
1874
+ },
1875
+ {
1876
+ "type": "semgrep_id",
1877
+ "name": "flawfinder.realpath-1",
1878
+ "value": "flawfinder.realpath-1"
1879
+ },
1880
+ {
1881
+ "type": "semgrep_id",
1882
+ "name": "flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1",
1883
+ "value": "flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1"
1884
+ },
1885
+ {
1886
+ "type": "semgrep_id",
1887
+ "name": "flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1",
1888
+ "value": "flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1"
1889
+ },
1890
+ {
1891
+ "type": "semgrep_id",
1892
+ "name": "flawfinder.sprintf-1.vsprintf-1.swprintf-1.vswprintf-1._stprintf-1._vstprintf-1",
1893
+ "value": "flawfinder.sprintf-1.vsprintf-1.swprintf-1.vswprintf-1._stprintf-1._vstprintf-1"
1894
+ },
1895
+ {
1896
+ "type": "semgrep_id",
1897
+ "name": "flawfinder.strcat-1",
1898
+ "value": "flawfinder.strcat-1"
1899
+ },
1900
+ {
1901
+ "type": "semgrep_id",
1902
+ "name": "flawfinder.strccpy-1.strcadd-1",
1903
+ "value": "flawfinder.strccpy-1.strcadd-1"
1904
+ },
1905
+ {
1906
+ "type": "semgrep_id",
1907
+ "name": "flawfinder.strcpy-1",
1908
+ "value": "flawfinder.strcpy-1"
1909
+ },
1910
+ {
1911
+ "type": "semgrep_id",
1912
+ "name": "flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1",
1913
+ "value": "flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1"
1914
+ },
1915
+ {
1916
+ "type": "semgrep_id",
1917
+ "name": "flawfinder.streadd-1.strecpy-1",
1918
+ "value": "flawfinder.streadd-1.strecpy-1"
1919
+ },
1920
+ {
1921
+ "type": "semgrep_id",
1922
+ "name": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1",
1923
+ "value": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1"
1924
+ },
1925
+ {
1926
+ "type": "semgrep_id",
1927
+ "name": "flawfinder.strncat-1",
1928
+ "value": "flawfinder.strncat-1"
1929
+ },
1930
+ {
1931
+ "type": "semgrep_id",
1932
+ "name": "flawfinder.strncpy-1",
1933
+ "value": "flawfinder.strncpy-1"
1934
+ },
1935
+ {
1936
+ "type": "semgrep_id",
1937
+ "name": "flawfinder.strtrns-1",
1938
+ "value": "flawfinder.strtrns-1"
1939
+ },
1940
+ {
1941
+ "type": "semgrep_id",
1942
+ "name": "flawfinder.syslog-1",
1943
+ "value": "flawfinder.syslog-1"
1944
+ },
1945
+ {
1946
+ "type": "semgrep_id",
1947
+ "name": "flawfinder.system-1",
1948
+ "value": "flawfinder.system-1"
1949
+ },
1950
+ {
1951
+ "type": "semgrep_id",
1952
+ "name": "flawfinder.tmpfile-1",
1953
+ "value": "flawfinder.tmpfile-1"
1954
+ },
1955
+ {
1956
+ "type": "semgrep_id",
1957
+ "name": "flawfinder.tmpnam-1.tempnam-1",
1958
+ "value": "flawfinder.tmpnam-1.tempnam-1"
1959
+ },
1960
+ {
1961
+ "type": "semgrep_id",
1962
+ "name": "flawfinder.ulimit-1",
1963
+ "value": "flawfinder.ulimit-1"
1964
+ },
1965
+ {
1966
+ "type": "semgrep_id",
1967
+ "name": "flawfinder.umask-1",
1968
+ "value": "flawfinder.umask-1"
1969
+ },
1970
+ {
1971
+ "type": "semgrep_id",
1972
+ "name": "flawfinder.usleep-1",
1973
+ "value": "flawfinder.usleep-1"
1974
+ },
1975
+ {
1976
+ "type": "semgrep_id",
1977
+ "name": "flawfinder.vfork-1",
1978
+ "value": "flawfinder.vfork-1"
1979
+ },
1980
+ {
1981
+ "type": "semgrep_id",
1982
+ "name": "generic_injection_rule-BiDiTrojanSource",
1983
+ "value": "generic_injection_rule-BiDiTrojanSource"
1984
+ },
1985
+ {
1986
+ "type": "semgrep_id",
1987
+ "name": "gosec.G102-1",
1988
+ "value": "gosec.G102-1"
1989
+ },
1990
+ {
1991
+ "type": "semgrep_id",
1992
+ "name": "gosec.G103-1",
1993
+ "value": "gosec.G103-1"
1994
+ },
1995
+ {
1996
+ "type": "semgrep_id",
1997
+ "name": "gosec.G106-1",
1998
+ "value": "gosec.G106-1"
1999
+ },
2000
+ {
2001
+ "type": "semgrep_id",
2002
+ "name": "gosec.G107-1",
2003
+ "value": "gosec.G107-1"
2004
+ },
2005
+ {
2006
+ "type": "semgrep_id",
2007
+ "name": "gosec.G108-1",
2008
+ "value": "gosec.G108-1"
2009
+ },
2010
+ {
2011
+ "type": "semgrep_id",
2012
+ "name": "gosec.G109-1",
2013
+ "value": "gosec.G109-1"
2014
+ },
2015
+ {
2016
+ "type": "semgrep_id",
2017
+ "name": "gosec.G110-1",
2018
+ "value": "gosec.G110-1"
2019
+ },
2020
+ {
2021
+ "type": "semgrep_id",
2022
+ "name": "gosec.G111-1",
2023
+ "value": "gosec.G111-1"
2024
+ },
2025
+ {
2026
+ "type": "semgrep_id",
2027
+ "name": "gosec.G114-1",
2028
+ "value": "gosec.G114-1"
2029
+ },
2030
+ {
2031
+ "type": "semgrep_id",
2032
+ "name": "gosec.G202-1",
2033
+ "value": "gosec.G202-1"
2034
+ },
2035
+ {
2036
+ "type": "semgrep_id",
2037
+ "name": "gosec.G203-1",
2038
+ "value": "gosec.G203-1"
2039
+ },
2040
+ {
2041
+ "type": "semgrep_id",
2042
+ "name": "gosec.G204-1",
2043
+ "value": "gosec.G204-1"
2044
+ },
2045
+ {
2046
+ "type": "semgrep_id",
2047
+ "name": "gosec.G301-1",
2048
+ "value": "gosec.G301-1"
2049
+ },
2050
+ {
2051
+ "type": "semgrep_id",
2052
+ "name": "gosec.G302-1",
2053
+ "value": "gosec.G302-1"
2054
+ },
2055
+ {
2056
+ "type": "semgrep_id",
2057
+ "name": "gosec.G303-1",
2058
+ "value": "gosec.G303-1"
2059
+ },
2060
+ {
2061
+ "type": "semgrep_id",
2062
+ "name": "gosec.G304-1",
2063
+ "value": "gosec.G304-1"
2064
+ },
2065
+ {
2066
+ "type": "semgrep_id",
2067
+ "name": "gosec.G305-1",
2068
+ "value": "gosec.G305-1"
2069
+ },
2070
+ {
2071
+ "type": "semgrep_id",
2072
+ "name": "gosec.G306-1",
2073
+ "value": "gosec.G306-1"
2074
+ },
2075
+ {
2076
+ "type": "semgrep_id",
2077
+ "name": "gosec.G402-1",
2078
+ "value": "gosec.G402-1"
2079
+ },
2080
+ {
2081
+ "type": "semgrep_id",
2082
+ "name": "gosec.G402-2",
2083
+ "value": "gosec.G402-2"
2084
+ },
2085
+ {
2086
+ "type": "semgrep_id",
2087
+ "name": "gosec.G403-1",
2088
+ "value": "gosec.G403-1"
2089
+ },
2090
+ {
2091
+ "type": "semgrep_id",
2092
+ "name": "gosec.G404-1",
2093
+ "value": "gosec.G404-1"
2094
+ },
2095
+ {
2096
+ "type": "semgrep_id",
2097
+ "name": "gosec.G501-1",
2098
+ "value": "gosec.G501-1"
2099
+ },
2100
+ {
2101
+ "type": "semgrep_id",
2102
+ "name": "gosec.G502-1",
2103
+ "value": "gosec.G502-1"
2104
+ },
2105
+ {
2106
+ "type": "semgrep_id",
2107
+ "name": "gosec.G503-1",
2108
+ "value": "gosec.G503-1"
2109
+ },
2110
+ {
2111
+ "type": "semgrep_id",
2112
+ "name": "gosec.G505-1",
2113
+ "value": "gosec.G505-1"
2114
+ },
2115
+ {
2116
+ "type": "semgrep_id",
2117
+ "name": "gosec.G601-1",
2118
+ "value": "gosec.G601-1"
2119
+ },
2120
+ {
2121
+ "type": "semgrep_id",
2122
+ "name": "java_cookie_rule-CookieHTTPOnly",
2123
+ "value": "java_cookie_rule-CookieHTTPOnly"
2124
+ },
2125
+ {
2126
+ "type": "semgrep_id",
2127
+ "name": "java_crypto_rule-DisallowOldTLSVersion",
2128
+ "value": "java_crypto_rule-DisallowOldTLSVersion"
2129
+ },
2130
+ {
2131
+ "type": "semgrep_id",
2132
+ "name": "java_crypto_rule-GCMNonceReuse",
2133
+ "value": "java_crypto_rule-GCMNonceReuse"
2134
+ },
2135
+ {
2136
+ "type": "semgrep_id",
2137
+ "name": "java_crypto_rule-HTTPUrlConnectionHTTPRequest",
2138
+ "value": "java_crypto_rule-HTTPUrlConnectionHTTPRequest"
2139
+ },
2140
+ {
2141
+ "type": "semgrep_id",
2142
+ "name": "java_crypto_rule-HttpComponentsRequest",
2143
+ "value": "java_crypto_rule-HttpComponentsRequest"
2144
+ },
2145
+ {
2146
+ "type": "semgrep_id",
2147
+ "name": "java_crypto_rule-HttpGetHTTPRequest",
2148
+ "value": "java_crypto_rule-HttpGetHTTPRequest"
2149
+ },
2150
+ {
2151
+ "type": "semgrep_id",
2152
+ "name": "java_crypto_rule-SocketRequestUnsafeProtocols",
2153
+ "value": "java_crypto_rule-SocketRequestUnsafeProtocols"
2154
+ },
2155
+ {
2156
+ "type": "semgrep_id",
2157
+ "name": "java_crypto_rule-SpringFTPRequest",
2158
+ "value": "java_crypto_rule-SpringFTPRequest"
2159
+ },
2160
+ {
2161
+ "type": "semgrep_id",
2162
+ "name": "java_crypto_rule-SpringHTTPRequestRestTemplate",
2163
+ "value": "java_crypto_rule-SpringHTTPRequestRestTemplate"
2164
+ },
2165
+ {
2166
+ "type": "semgrep_id",
2167
+ "name": "java_crypto_rule-TLSUnsafeRenegotiation",
2168
+ "value": "java_crypto_rule-TLSUnsafeRenegotiation"
2169
+ },
2170
+ {
2171
+ "type": "semgrep_id",
2172
+ "name": "java_crypto_rule-TelnetRequest",
2173
+ "value": "java_crypto_rule-TelnetRequest"
2174
+ },
2175
+ {
2176
+ "type": "semgrep_id",
2177
+ "name": "java_crypto_rule-UnirestHTTPRequest",
2178
+ "value": "java_crypto_rule-UnirestHTTPRequest"
2179
+ },
2180
+ {
2181
+ "type": "semgrep_id",
2182
+ "name": "java_crypto_rule-UseOfRC2",
2183
+ "value": "java_crypto_rule-UseOfRC2"
2184
+ },
2185
+ {
2186
+ "type": "semgrep_id",
2187
+ "name": "java_crypto_rule-UseOfRC4",
2188
+ "value": "java_crypto_rule-UseOfRC4"
2189
+ },
2190
+ {
2191
+ "type": "semgrep_id",
2192
+ "name": "java_crypto_rule_JwtDecodeWithoutVerify",
2193
+ "value": "java_crypto_rule_JwtDecodeWithoutVerify"
2194
+ },
2195
+ {
2196
+ "type": "semgrep_id",
2197
+ "name": "java_crypto_rule_JwtNoneAlgorithm",
2198
+ "value": "java_crypto_rule_JwtNoneAlgorithm"
2199
+ },
2200
+ {
2201
+ "type": "semgrep_id",
2202
+ "name": "java_csrf_rule-SpringCSRFDisabled",
2203
+ "value": "java_csrf_rule-SpringCSRFDisabled"
2204
+ },
2205
+ {
2206
+ "type": "semgrep_id",
2207
+ "name": "java_csrf_rule-UnrestrictedRequestMapping",
2208
+ "value": "java_csrf_rule-UnrestrictedRequestMapping"
2209
+ },
2210
+ {
2211
+ "type": "semgrep_id",
2212
+ "name": "java_deserialization_rule-InsecureDeserialization",
2213
+ "value": "java_deserialization_rule-InsecureDeserialization"
2214
+ },
2215
+ {
2216
+ "type": "semgrep_id",
2217
+ "name": "java_deserialization_rule-InsecureJmsDeserialization",
2218
+ "value": "java_deserialization_rule-InsecureJmsDeserialization"
2219
+ },
2220
+ {
2221
+ "type": "semgrep_id",
2222
+ "name": "java_deserialization_rule-JacksonUnsafeDeserialization",
2223
+ "value": "java_deserialization_rule-JacksonUnsafeDeserialization"
2224
+ },
2225
+ {
2226
+ "type": "semgrep_id",
2227
+ "name": "java_deserialization_rule-ServerDangerousObjectDeserialization",
2228
+ "value": "java_deserialization_rule-ServerDangerousObjectDeserialization"
2229
+ },
2230
+ {
2231
+ "type": "semgrep_id",
2232
+ "name": "java_deserialization_rule-SnakeYamlConstructor",
2233
+ "value": "java_deserialization_rule-SnakeYamlConstructor"
2234
+ },
2235
+ {
2236
+ "type": "semgrep_id",
2237
+ "name": "java_endpoint_rule-ManuallyConstructedURLs",
2238
+ "value": "java_endpoint_rule-ManuallyConstructedURLs"
2239
+ },
2240
+ {
2241
+ "type": "semgrep_id",
2242
+ "name": "java_file_rule-FilePathTraversalHttpServlet",
2243
+ "value": "java_file_rule-FilePathTraversalHttpServlet"
2244
+ },
2245
+ {
2246
+ "type": "semgrep_id",
2247
+ "name": "java_ftp_rule-FTPInsecureTransport",
2248
+ "value": "java_ftp_rule-FTPInsecureTransport"
2249
+ },
2250
+ {
2251
+ "type": "semgrep_id",
2252
+ "name": "java_inject_rule-DangerousGroovyShell",
2253
+ "value": "java_inject_rule-DangerousGroovyShell"
2254
+ },
2255
+ {
2256
+ "type": "semgrep_id",
2257
+ "name": "java_inject_rule-EnvInjection",
2258
+ "value": "java_inject_rule-EnvInjection"
2259
+ },
2260
+ {
2261
+ "type": "semgrep_id",
2262
+ "name": "java_inject_rule-MongodbNoSQLi",
2263
+ "value": "java_inject_rule-MongodbNoSQLi"
2264
+ },
2265
+ {
2266
+ "type": "semgrep_id",
2267
+ "name": "java_inject_rule-SeamLogInjection",
2268
+ "value": "java_inject_rule-SeamLogInjection"
2269
+ },
2270
+ {
2271
+ "type": "semgrep_id",
2272
+ "name": "java_inject_rule-SqlInjection",
2273
+ "value": "java_inject_rule-SqlInjection"
2274
+ },
2275
+ {
2276
+ "type": "semgrep_id",
2277
+ "name": "java_traversal_rule-RelativePathTraversal",
2278
+ "value": "java_traversal_rule-RelativePathTraversal"
2279
+ },
2280
+ {
2281
+ "type": "semgrep_id",
2282
+ "name": "java_xpathi_rule-XpathInjection",
2283
+ "value": "java_xpathi_rule-XpathInjection"
2284
+ },
2285
+ {
2286
+ "type": "semgrep_id",
2287
+ "name": "java_xxe_rule-DisallowDoctypeDeclFalse",
2288
+ "value": "java_xxe_rule-DisallowDoctypeDeclFalse"
2289
+ },
2290
+ {
2291
+ "type": "semgrep_id",
2292
+ "name": "java_xxe_rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing",
2293
+ "value": "java_xxe_rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing"
2294
+ },
2295
+ {
2296
+ "type": "semgrep_id",
2297
+ "name": "java_xxe_rule-ExternalGeneralEntitiesTrue",
2298
+ "value": "java_xxe_rule-ExternalGeneralEntitiesTrue"
2299
+ },
2300
+ {
2301
+ "type": "semgrep_id",
2302
+ "name": "java_xxe_rule-ExternalParameterEntitiesTrue",
2303
+ "value": "java_xxe_rule-ExternalParameterEntitiesTrue"
2304
+ },
2305
+ {
2306
+ "type": "semgrep_id",
2307
+ "name": "java_xxe_rule-SAXParserFactoryDisallowDoctypeDeclMissing",
2308
+ "value": "java_xxe_rule-SAXParserFactoryDisallowDoctypeDeclMissing"
2309
+ },
2310
+ {
2311
+ "type": "semgrep_id",
2312
+ "name": "java_xxe_rule-TransformerfactoryDTDNotDisabled",
2313
+ "value": "java_xxe_rule-TransformerfactoryDTDNotDisabled"
2314
+ },
2315
+ {
2316
+ "type": "semgrep_id",
2317
+ "name": "java_xxe_rule-XMLInputFactoryExternalEntitiesEnabled",
2318
+ "value": "java_xxe_rule-XMLInputFactoryExternalEntitiesEnabled"
2319
+ },
2320
+ {
2321
+ "type": "semgrep_id",
2322
+ "name": "java_xxe_rule-XMLStreamRdr",
2323
+ "value": "java_xxe_rule-XMLStreamRdr"
2324
+ },
2325
+ {
2326
+ "type": "semgrep_id",
2327
+ "name": "javascript_crypto_rule-NodeLibcurlSSLVerificationDisable",
2328
+ "value": "javascript_crypto_rule-NodeLibcurlSSLVerificationDisable"
2329
+ },
2330
+ {
2331
+ "type": "semgrep_id",
2332
+ "name": "javascript_exec_rule-child-process",
2333
+ "value": "javascript_exec_rule-child-process"
2334
+ },
2335
+ {
2336
+ "type": "semgrep_id",
2337
+ "name": "mobsf.java-webview-rule-ignore_ssl_certificate_errors",
2338
+ "value": "mobsf.java-webview-rule-ignore_ssl_certificate_errors"
2339
+ },
2340
+ {
2341
+ "type": "semgrep_id",
2342
+ "name": "mobsf.java-webview-rule-webview_debugging",
2343
+ "value": "mobsf.java-webview-rule-webview_debugging"
2344
+ },
2345
+ {
2346
+ "type": "semgrep_id",
2347
+ "name": "mobsf.java-webview-rule-webview_external_storage",
2348
+ "value": "mobsf.java-webview-rule-webview_external_storage"
2349
+ },
2350
+ {
2351
+ "type": "semgrep_id",
2352
+ "name": "mobsf.java-webview-rule-webview_set_allow_file_access",
2353
+ "value": "mobsf.java-webview-rule-webview_set_allow_file_access"
2354
+ },
2355
+ {
2356
+ "type": "semgrep_id",
2357
+ "name": "mobsf.kotlin-webview-rule-android_kotlin_webview_debug",
2358
+ "value": "mobsf.kotlin-webview-rule-android_kotlin_webview_debug"
2359
+ },
2360
+ {
2361
+ "type": "semgrep_id",
2362
+ "name": "mobsf.oc-other-rule-ios_self_signed_ssl",
2363
+ "value": "mobsf.oc-other-rule-ios_self_signed_ssl"
2364
+ },
2365
+ {
2366
+ "type": "semgrep_id",
2367
+ "name": "mobsf.oc-other-rule-ios_webview_ignore_ssl",
2368
+ "value": "mobsf.oc-other-rule-ios_webview_ignore_ssl"
2369
+ },
2370
+ {
2371
+ "type": "semgrep_id",
2372
+ "name": "mobsf.swift-other-rule-ios_biometric_acl",
2373
+ "value": "mobsf.swift-other-rule-ios_biometric_acl"
2374
+ },
2375
+ {
2376
+ "type": "semgrep_id",
2377
+ "name": "mobsf.swift-other-rule-ios_dtls1_used",
2378
+ "value": "mobsf.swift-other-rule-ios_dtls1_used"
2379
+ },
2380
+ {
2381
+ "type": "semgrep_id",
2382
+ "name": "mobsf.swift-other-rule-ios_file_no_special",
2383
+ "value": "mobsf.swift-other-rule-ios_file_no_special"
2384
+ },
2385
+ {
2386
+ "type": "semgrep_id",
2387
+ "name": "mobsf.swift-other-rule-ios_keychain_weak_accessibility_value",
2388
+ "value": "mobsf.swift-other-rule-ios_keychain_weak_accessibility_value"
2389
+ },
2390
+ {
2391
+ "type": "semgrep_id",
2392
+ "name": "mobsf.swift-other-rule-ios_tls3_not_used",
2393
+ "value": "mobsf.swift-other-rule-ios_tls3_not_used"
2394
+ },
2395
+ {
2396
+ "type": "semgrep_id",
2397
+ "name": "nodejs_scan.javascript-crypto-rule-node_aes_ecb",
2398
+ "value": "nodejs_scan.javascript-crypto-rule-node_aes_ecb"
2399
+ },
2400
+ {
2401
+ "type": "semgrep_id",
2402
+ "name": "nodejs_scan.javascript-crypto-rule-node_aes_noiv",
2403
+ "value": "nodejs_scan.javascript-crypto-rule-node_aes_noiv"
2404
+ },
2405
+ {
2406
+ "type": "semgrep_id",
2407
+ "name": "nodejs_scan.javascript-crypto-rule-node_insecure_random_generator",
2408
+ "value": "nodejs_scan.javascript-crypto-rule-node_insecure_random_generator"
2409
+ },
2410
+ {
2411
+ "type": "semgrep_id",
2412
+ "name": "nodejs_scan.javascript-crypto-rule-node_md5",
2413
+ "value": "nodejs_scan.javascript-crypto-rule-node_md5"
2414
+ },
2415
+ {
2416
+ "type": "semgrep_id",
2417
+ "name": "nodejs_scan.javascript-crypto-rule-node_sha1",
2418
+ "value": "nodejs_scan.javascript-crypto-rule-node_sha1"
2419
+ },
2420
+ {
2421
+ "type": "semgrep_id",
2422
+ "name": "nodejs_scan.javascript-crypto-rule-node_timing_attack",
2423
+ "value": "nodejs_scan.javascript-crypto-rule-node_timing_attack"
2424
+ },
2425
+ {
2426
+ "type": "semgrep_id",
2427
+ "name": "nodejs_scan.javascript-crypto-rule-node_tls_reject",
2428
+ "value": "nodejs_scan.javascript-crypto-rule-node_tls_reject"
2429
+ },
2430
+ {
2431
+ "type": "semgrep_id",
2432
+ "name": "nodejs_scan.javascript-crypto-rule-node_weak_crypto",
2433
+ "value": "nodejs_scan.javascript-crypto-rule-node_weak_crypto"
2434
+ },
2435
+ {
2436
+ "type": "semgrep_id",
2437
+ "name": "nodejs_scan.javascript-database-rule-node_knex_sqli_injection",
2438
+ "value": "nodejs_scan.javascript-database-rule-node_knex_sqli_injection"
2439
+ },
2440
+ {
2441
+ "type": "semgrep_id",
2442
+ "name": "nodejs_scan.javascript-database-rule-node_nosqli_injection",
2443
+ "value": "nodejs_scan.javascript-database-rule-node_nosqli_injection"
2444
+ },
2445
+ {
2446
+ "type": "semgrep_id",
2447
+ "name": "nodejs_scan.javascript-database-rule-node_nosqli_js_injection",
2448
+ "value": "nodejs_scan.javascript-database-rule-node_nosqli_js_injection"
2449
+ },
2450
+ {
2451
+ "type": "semgrep_id",
2452
+ "name": "nodejs_scan.javascript-database-rule-node_sqli_injection",
2453
+ "value": "nodejs_scan.javascript-database-rule-node_sqli_injection"
2454
+ },
2455
+ {
2456
+ "type": "semgrep_id",
2457
+ "name": "nodejs_scan.javascript-database-rule-sequelize_tls",
2458
+ "value": "nodejs_scan.javascript-database-rule-sequelize_tls"
2459
+ },
2460
+ {
2461
+ "type": "semgrep_id",
2462
+ "name": "nodejs_scan.javascript-database-rule-sequelize_tls_cert_validation",
2463
+ "value": "nodejs_scan.javascript-database-rule-sequelize_tls_cert_validation"
2464
+ },
2465
+ {
2466
+ "type": "semgrep_id",
2467
+ "name": "nodejs_scan.javascript-database-rule-sequelize_weak_tls",
2468
+ "value": "nodejs_scan.javascript-database-rule-sequelize_weak_tls"
2469
+ },
2470
+ {
2471
+ "type": "semgrep_id",
2472
+ "name": "nodejs_scan.javascript-dos-rule-layer7_object_dos",
2473
+ "value": "nodejs_scan.javascript-dos-rule-layer7_object_dos"
2474
+ },
2475
+ {
2476
+ "type": "semgrep_id",
2477
+ "name": "nodejs_scan.javascript-dos-rule-regex_dos",
2478
+ "value": "nodejs_scan.javascript-dos-rule-regex_dos"
2479
+ },
2480
+ {
2481
+ "type": "semgrep_id",
2482
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_allow_http",
2483
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_allow_http"
2484
+ },
2485
+ {
2486
+ "type": "semgrep_id",
2487
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_blink_integration",
2488
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_blink_integration"
2489
+ },
2490
+ {
2491
+ "type": "semgrep_id",
2492
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_context_isolation",
2493
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_context_isolation"
2494
+ },
2495
+ {
2496
+ "type": "semgrep_id",
2497
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_disable_websecurity",
2498
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_disable_websecurity"
2499
+ },
2500
+ {
2501
+ "type": "semgrep_id",
2502
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_experimental_features",
2503
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_experimental_features"
2504
+ },
2505
+ {
2506
+ "type": "semgrep_id",
2507
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_nodejs_integration",
2508
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_nodejs_integration"
2509
+ },
2510
+ {
2511
+ "type": "semgrep_id",
2512
+ "name": "nodejs_scan.javascript-eval-rule-eval_nodejs",
2513
+ "value": "nodejs_scan.javascript-eval-rule-eval_nodejs"
2514
+ },
2515
+ {
2516
+ "type": "semgrep_id",
2517
+ "name": "nodejs_scan.javascript-eval-rule-eval_require",
2518
+ "value": "nodejs_scan.javascript-eval-rule-eval_require"
2519
+ },
2520
+ {
2521
+ "type": "semgrep_id",
2522
+ "name": "nodejs_scan.javascript-eval-rule-grpc_insecure_connection",
2523
+ "value": "nodejs_scan.javascript-eval-rule-grpc_insecure_connection"
2524
+ },
2525
+ {
2526
+ "type": "semgrep_id",
2527
+ "name": "nodejs_scan.javascript-eval-rule-node_deserialize",
2528
+ "value": "nodejs_scan.javascript-eval-rule-node_deserialize"
2529
+ },
2530
+ {
2531
+ "type": "semgrep_id",
2532
+ "name": "nodejs_scan.javascript-eval-rule-sandbox_code_injection",
2533
+ "value": "nodejs_scan.javascript-eval-rule-sandbox_code_injection"
2534
+ },
2535
+ {
2536
+ "type": "semgrep_id",
2537
+ "name": "nodejs_scan.javascript-eval-rule-serializetojs_deserialize",
2538
+ "value": "nodejs_scan.javascript-eval-rule-serializetojs_deserialize"
2539
+ },
2540
+ {
2541
+ "type": "semgrep_id",
2542
+ "name": "nodejs_scan.javascript-eval-rule-server_side_template_injection",
2543
+ "value": "nodejs_scan.javascript-eval-rule-server_side_template_injection"
2544
+ },
2545
+ {
2546
+ "type": "semgrep_id",
2547
+ "name": "nodejs_scan.javascript-eval-rule-vm2_code_injection",
2548
+ "value": "nodejs_scan.javascript-eval-rule-vm2_code_injection"
2549
+ },
2550
+ {
2551
+ "type": "semgrep_id",
2552
+ "name": "nodejs_scan.javascript-eval-rule-vm2_context_injection",
2553
+ "value": "nodejs_scan.javascript-eval-rule-vm2_context_injection"
2554
+ },
2555
+ {
2556
+ "type": "semgrep_id",
2557
+ "name": "nodejs_scan.javascript-eval-rule-vm_code_injection",
2558
+ "value": "nodejs_scan.javascript-eval-rule-vm_code_injection"
2559
+ },
2560
+ {
2561
+ "type": "semgrep_id",
2562
+ "name": "nodejs_scan.javascript-eval-rule-vm_compilefunction_injection",
2563
+ "value": "nodejs_scan.javascript-eval-rule-vm_compilefunction_injection"
2564
+ },
2565
+ {
2566
+ "type": "semgrep_id",
2567
+ "name": "nodejs_scan.javascript-eval-rule-vm_runincontext_injection",
2568
+ "value": "nodejs_scan.javascript-eval-rule-vm_runincontext_injection"
2569
+ },
2570
+ {
2571
+ "type": "semgrep_id",
2572
+ "name": "nodejs_scan.javascript-eval-rule-vm_runinnewcontext_injection",
2573
+ "value": "nodejs_scan.javascript-eval-rule-vm_runinnewcontext_injection"
2574
+ },
2575
+ {
2576
+ "type": "semgrep_id",
2577
+ "name": "nodejs_scan.javascript-eval-rule-yaml_deserialize",
2578
+ "value": "nodejs_scan.javascript-eval-rule-yaml_deserialize"
2579
+ },
2580
+ {
2581
+ "type": "semgrep_id",
2582
+ "name": "nodejs_scan.javascript-exec-rule-shelljs_os_command_exec",
2583
+ "value": "nodejs_scan.javascript-exec-rule-shelljs_os_command_exec"
2584
+ },
2585
+ {
2586
+ "type": "semgrep_id",
2587
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_default",
2588
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_default"
2589
+ },
2590
+ {
2591
+ "type": "semgrep_id",
2592
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_domain",
2593
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_domain"
2594
+ },
2595
+ {
2596
+ "type": "semgrep_id",
2597
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_httponly",
2598
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_httponly"
2599
+ },
2600
+ {
2601
+ "type": "semgrep_id",
2602
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_maxage",
2603
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_maxage"
2604
+ },
2605
+ {
2606
+ "type": "semgrep_id",
2607
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_path",
2608
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_path"
2609
+ },
2610
+ {
2611
+ "type": "semgrep_id",
2612
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_samesite",
2613
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_samesite"
2614
+ },
2615
+ {
2616
+ "type": "semgrep_id",
2617
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_secure",
2618
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_secure"
2619
+ },
2620
+ {
2621
+ "type": "semgrep_id",
2622
+ "name": "nodejs_scan.javascript-headers-rule-express_cors",
2623
+ "value": "nodejs_scan.javascript-headers-rule-express_cors"
2624
+ },
2625
+ {
2626
+ "type": "semgrep_id",
2627
+ "name": "nodejs_scan.javascript-headers-rule-generic_cors",
2628
+ "value": "nodejs_scan.javascript-headers-rule-generic_cors"
2629
+ },
2630
+ {
2631
+ "type": "semgrep_id",
2632
+ "name": "nodejs_scan.javascript-headers-rule-generic_header_injection",
2633
+ "value": "nodejs_scan.javascript-headers-rule-generic_header_injection"
2634
+ },
2635
+ {
2636
+ "type": "semgrep_id",
2637
+ "name": "nodejs_scan.javascript-headers-rule-header_xss_generic",
2638
+ "value": "nodejs_scan.javascript-headers-rule-header_xss_generic"
2639
+ },
2640
+ {
2641
+ "type": "semgrep_id",
2642
+ "name": "nodejs_scan.javascript-headers-rule-header_xss_lusca",
2643
+ "value": "nodejs_scan.javascript-headers-rule-header_xss_lusca"
2644
+ },
2645
+ {
2646
+ "type": "semgrep_id",
2647
+ "name": "nodejs_scan.javascript-headers-rule-helmet_feature_disabled",
2648
+ "value": "nodejs_scan.javascript-headers-rule-helmet_feature_disabled"
2649
+ },
2650
+ {
2651
+ "type": "semgrep_id",
2652
+ "name": "nodejs_scan.javascript-headers-rule-host_header_injection",
2653
+ "value": "nodejs_scan.javascript-headers-rule-host_header_injection"
2654
+ },
2655
+ {
2656
+ "type": "semgrep_id",
2657
+ "name": "nodejs_scan.javascript-jwt-rule-hardcoded_jwt_secret",
2658
+ "value": "nodejs_scan.javascript-jwt-rule-hardcoded_jwt_secret"
2659
+ },
2660
+ {
2661
+ "type": "semgrep_id",
2662
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_exposed_credentials",
2663
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_exposed_credentials"
2664
+ },
2665
+ {
2666
+ "type": "semgrep_id",
2667
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_exposed_data",
2668
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_exposed_data"
2669
+ },
2670
+ {
2671
+ "type": "semgrep_id",
2672
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_express_hardcoded",
2673
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_express_hardcoded"
2674
+ },
2675
+ {
2676
+ "type": "semgrep_id",
2677
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_not_revoked",
2678
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_not_revoked"
2679
+ },
2680
+ {
2681
+ "type": "semgrep_id",
2682
+ "name": "nodejs_scan.javascript-jwt-rule-node_jwt_none_algorithm",
2683
+ "value": "nodejs_scan.javascript-jwt-rule-node_jwt_none_algorithm"
2684
+ },
2685
+ {
2686
+ "type": "semgrep_id",
2687
+ "name": "nodejs_scan.javascript-redirect-rule-express_open_redirect",
2688
+ "value": "nodejs_scan.javascript-redirect-rule-express_open_redirect"
2689
+ },
2690
+ {
2691
+ "type": "semgrep_id",
2692
+ "name": "nodejs_scan.javascript-redirect-rule-express_open_redirect2",
2693
+ "value": "nodejs_scan.javascript-redirect-rule-express_open_redirect2"
2694
+ },
2695
+ {
2696
+ "type": "semgrep_id",
2697
+ "name": "nodejs_scan.javascript-ssrf-rule-node_ssrf",
2698
+ "value": "nodejs_scan.javascript-ssrf-rule-node_ssrf"
2699
+ },
2700
+ {
2701
+ "type": "semgrep_id",
2702
+ "name": "nodejs_scan.javascript-ssrf-rule-phantom_ssrf",
2703
+ "value": "nodejs_scan.javascript-ssrf-rule-phantom_ssrf"
2704
+ },
2705
+ {
2706
+ "type": "semgrep_id",
2707
+ "name": "nodejs_scan.javascript-ssrf-rule-playwright_ssrf",
2708
+ "value": "nodejs_scan.javascript-ssrf-rule-playwright_ssrf"
2709
+ },
2710
+ {
2711
+ "type": "semgrep_id",
2712
+ "name": "nodejs_scan.javascript-ssrf-rule-puppeteer_ssrf",
2713
+ "value": "nodejs_scan.javascript-ssrf-rule-puppeteer_ssrf"
2714
+ },
2715
+ {
2716
+ "type": "semgrep_id",
2717
+ "name": "nodejs_scan.javascript-ssrf-rule-wkhtmltoimage_ssrf",
2718
+ "value": "nodejs_scan.javascript-ssrf-rule-wkhtmltoimage_ssrf"
2719
+ },
2720
+ {
2721
+ "type": "semgrep_id",
2722
+ "name": "nodejs_scan.javascript-ssrf-rule-wkhtmltopdf_ssrf",
2723
+ "value": "nodejs_scan.javascript-ssrf-rule-wkhtmltopdf_ssrf"
2724
+ },
2725
+ {
2726
+ "type": "semgrep_id",
2727
+ "name": "nodejs_scan.javascript-traversal-rule-admzip_path_overwrite",
2728
+ "value": "nodejs_scan.javascript-traversal-rule-admzip_path_overwrite"
2729
+ },
2730
+ {
2731
+ "type": "semgrep_id",
2732
+ "name": "nodejs_scan.javascript-traversal-rule-express_lfr",
2733
+ "value": "nodejs_scan.javascript-traversal-rule-express_lfr"
2734
+ },
2735
+ {
2736
+ "type": "semgrep_id",
2737
+ "name": "nodejs_scan.javascript-traversal-rule-express_lfr_warning",
2738
+ "value": "nodejs_scan.javascript-traversal-rule-express_lfr_warning"
2739
+ },
2740
+ {
2741
+ "type": "semgrep_id",
2742
+ "name": "nodejs_scan.javascript-traversal-rule-generic_path_traversal",
2743
+ "value": "nodejs_scan.javascript-traversal-rule-generic_path_traversal"
2744
+ },
2745
+ {
2746
+ "type": "semgrep_id",
2747
+ "name": "nodejs_scan.javascript-traversal-rule-join_resolve_path_traversal",
2748
+ "value": "nodejs_scan.javascript-traversal-rule-join_resolve_path_traversal"
2749
+ },
2750
+ {
2751
+ "type": "semgrep_id",
2752
+ "name": "nodejs_scan.javascript-traversal-rule-tar_path_overwrite",
2753
+ "value": "nodejs_scan.javascript-traversal-rule-tar_path_overwrite"
2754
+ },
2755
+ {
2756
+ "type": "semgrep_id",
2757
+ "name": "nodejs_scan.javascript-traversal-rule-zip_path_overwrite",
2758
+ "value": "nodejs_scan.javascript-traversal-rule-zip_path_overwrite"
2759
+ },
2760
+ {
2761
+ "type": "semgrep_id",
2762
+ "name": "nodejs_scan.javascript-xml-rule-node_entity_expansion",
2763
+ "value": "nodejs_scan.javascript-xml-rule-node_entity_expansion"
2764
+ },
2765
+ {
2766
+ "type": "semgrep_id",
2767
+ "name": "nodejs_scan.javascript-xml-rule-node_xpath_injection",
2768
+ "value": "nodejs_scan.javascript-xml-rule-node_xpath_injection"
2769
+ },
2770
+ {
2771
+ "type": "semgrep_id",
2772
+ "name": "nodejs_scan.javascript-xml-rule-node_xxe",
2773
+ "value": "nodejs_scan.javascript-xml-rule-node_xxe"
2774
+ },
2775
+ {
2776
+ "type": "semgrep_id",
2777
+ "name": "nodejs_scan.javascript-xml-rule-xxe_expat",
2778
+ "value": "nodejs_scan.javascript-xml-rule-xxe_expat"
2779
+ },
2780
+ {
2781
+ "type": "semgrep_id",
2782
+ "name": "nodejs_scan.javascript-xss-rule-express_xss",
2783
+ "value": "nodejs_scan.javascript-xss-rule-express_xss"
2784
+ },
2785
+ {
2786
+ "type": "semgrep_id",
2787
+ "name": "nodejs_scan.javascript-xss-rule-handlebars_noescape",
2788
+ "value": "nodejs_scan.javascript-xss-rule-handlebars_noescape"
2789
+ },
2790
+ {
2791
+ "type": "semgrep_id",
2792
+ "name": "nodejs_scan.javascript-xss-rule-handlebars_safestring",
2793
+ "value": "nodejs_scan.javascript-xss-rule-handlebars_safestring"
2794
+ },
2795
+ {
2796
+ "type": "semgrep_id",
2797
+ "name": "nodejs_scan.javascript-xss-rule-squirrelly_autoescape",
2798
+ "value": "nodejs_scan.javascript-xss-rule-squirrelly_autoescape"
2799
+ },
2800
+ {
2801
+ "type": "semgrep_id",
2802
+ "name": "nodejs_scan.javascript-xss-rule-xss_disable_mustache_escape",
2803
+ "value": "nodejs_scan.javascript-xss-rule-xss_disable_mustache_escape"
2804
+ },
2805
+ {
2806
+ "type": "semgrep_id",
2807
+ "name": "nodejs_scan.javascript-xss-rule-xss_serialize_javascript",
2808
+ "value": "nodejs_scan.javascript-xss-rule-xss_serialize_javascript"
2809
+ },
2810
+ {
2811
+ "type": "semgrep_id",
2812
+ "name": "PHPCS_SecurityAudit.BadFunctions.Asserts.WarnFunctionHandling",
2813
+ "value": "PHPCS_SecurityAudit.BadFunctions.Asserts.WarnFunctionHandling"
2814
+ },
2815
+ {
2816
+ "type": "semgrep_id",
2817
+ "name": "PHPCS_SecurityAudit.BadFunctions.Backticks.WarnSystemExec",
2818
+ "value": "PHPCS_SecurityAudit.BadFunctions.Backticks.WarnSystemExec"
2819
+ },
2820
+ {
2821
+ "type": "semgrep_id",
2822
+ "name": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc",
2823
+ "value": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc"
2824
+ },
2825
+ {
2826
+ "type": "semgrep_id",
2827
+ "name": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc",
2828
+ "value": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc"
2829
+ },
2830
+ {
2831
+ "type": "semgrep_id",
2832
+ "name": "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem",
2833
+ "value": "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem"
2834
+ },
2835
+ {
2836
+ "type": "semgrep_id",
2837
+ "name": "PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff",
2838
+ "value": "PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff"
2839
+ },
2840
+ {
2841
+ "type": "semgrep_id",
2842
+ "name": "PHPCS_SecurityAudit.BadFunctions.NoEvals.NoEvals",
2843
+ "value": "PHPCS_SecurityAudit.BadFunctions.NoEvals.NoEvals"
2844
+ },
2845
+ {
2846
+ "type": "semgrep_id",
2847
+ "name": "PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo",
2848
+ "value": "PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo"
2849
+ },
2850
+ {
2851
+ "type": "semgrep_id",
2852
+ "name": "PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec",
2853
+ "value": "PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec"
2854
+ },
2855
+ {
2856
+ "type": "semgrep_id",
2857
+ "name": "properties_spring_rule-SpringActuatorFullyEnabled",
2858
+ "value": "properties_spring_rule-SpringActuatorFullyEnabled"
2859
+ },
2860
+ {
2861
+ "type": "semgrep_id",
2862
+ "name": "python_crypto_rule-HTTPConnectionPool",
2863
+ "value": "python_crypto_rule-HTTPConnectionPool"
2864
+ },
2865
+ {
2866
+ "type": "semgrep_id",
2867
+ "name": "python_exec_rule-start-process-partial-path",
2868
+ "value": "python_exec_rule-start-process-partial-path"
2869
+ },
2870
+ {
2871
+ "type": "semgrep_id",
2872
+ "name": "python_exec_rule-start-process-path",
2873
+ "value": "python_exec_rule-start-process-path"
2874
+ },
2875
+ {
2876
+ "type": "semgrep_id",
2877
+ "name": "python_exec_rule-subprocess-call-array",
2878
+ "value": "python_exec_rule-subprocess-call-array"
2879
+ },
2880
+ {
2881
+ "type": "semgrep_id",
2882
+ "name": "python_flask_rule-flask-open-redirect",
2883
+ "value": "python_flask_rule-flask-open-redirect"
2884
+ },
2885
+ {
2886
+ "type": "semgrep_id",
2887
+ "name": "python_flask_rule-flask-tainted-sql-string",
2888
+ "value": "python_flask_rule-flask-tainted-sql-string"
2889
+ },
2890
+ {
2891
+ "type": "semgrep_id",
2892
+ "name": "python_flask_rule-path-traversal-open",
2893
+ "value": "python_flask_rule-path-traversal-open"
2894
+ },
2895
+ {
2896
+ "type": "semgrep_id",
2897
+ "name": "python_jwt_rule-jwt-none-alg",
2898
+ "value": "python_jwt_rule-jwt-none-alg"
2899
+ },
2900
+ {
2901
+ "type": "semgrep_id",
2902
+ "name": "python_pyramid_rule-pyramid-csrf-origin-check",
2903
+ "value": "python_pyramid_rule-pyramid-csrf-origin-check"
2904
+ },
2905
+ {
2906
+ "type": "semgrep_id",
2907
+ "name": "scala_unsafe_rule-InformationExposureVariant2",
2908
+ "value": "scala_unsafe_rule-InformationExposureVariant2"
2909
+ },
2910
+ {
2911
+ "type": "semgrep_id",
2912
+ "name": "security_code_scan.SCS0001-1",
2913
+ "value": "security_code_scan.SCS0001-1"
2914
+ },
2915
+ {
2916
+ "type": "semgrep_id",
2917
+ "name": "security_code_scan.SCS0002-1",
2918
+ "value": "security_code_scan.SCS0002-1"
2919
+ },
2920
+ {
2921
+ "type": "semgrep_id",
2922
+ "name": "security_code_scan.SCS0003-1",
2923
+ "value": "security_code_scan.SCS0003-1"
2924
+ },
2925
+ {
2926
+ "type": "semgrep_id",
2927
+ "name": "security_code_scan.SCS0004-1",
2928
+ "value": "security_code_scan.SCS0004-1"
2929
+ },
2930
+ {
2931
+ "type": "semgrep_id",
2932
+ "name": "security_code_scan.SCS0005-1",
2933
+ "value": "security_code_scan.SCS0005-1"
2934
+ },
2935
+ {
2936
+ "type": "semgrep_id",
2937
+ "name": "security_code_scan.SCS0006-1",
2938
+ "value": "security_code_scan.SCS0006-1"
2939
+ },
2940
+ {
2941
+ "type": "semgrep_id",
2942
+ "name": "security_code_scan.SCS0008-1",
2943
+ "value": "security_code_scan.SCS0008-1"
2944
+ },
2945
+ {
2946
+ "type": "semgrep_id",
2947
+ "name": "security_code_scan.SCS0009-1",
2948
+ "value": "security_code_scan.SCS0009-1"
2949
+ },
2950
+ {
2951
+ "type": "semgrep_id",
2952
+ "name": "security_code_scan.SCS0010-1",
2953
+ "value": "security_code_scan.SCS0010-1"
2954
+ },
2955
+ {
2956
+ "type": "semgrep_id",
2957
+ "name": "security_code_scan.SCS0011-1",
2958
+ "value": "security_code_scan.SCS0011-1"
2959
+ },
2960
+ {
2961
+ "type": "semgrep_id",
2962
+ "name": "security_code_scan.SCS0013-1",
2963
+ "value": "security_code_scan.SCS0013-1"
2964
+ },
2965
+ {
2966
+ "type": "semgrep_id",
2967
+ "name": "security_code_scan.SCS0016-1",
2968
+ "value": "security_code_scan.SCS0016-1"
2969
+ },
2970
+ {
2971
+ "type": "semgrep_id",
2972
+ "name": "security_code_scan.SCS0017-1",
2973
+ "value": "security_code_scan.SCS0017-1"
2974
+ },
2975
+ {
2976
+ "type": "semgrep_id",
2977
+ "name": "security_code_scan.SCS0018-1",
2978
+ "value": "security_code_scan.SCS0018-1"
2979
+ },
2980
+ {
2981
+ "type": "semgrep_id",
2982
+ "name": "security_code_scan.SCS0026-1.SCS0031-1",
2983
+ "value": "security_code_scan.SCS0026-1.SCS0031-1"
2984
+ },
2985
+ {
2986
+ "type": "semgrep_id",
2987
+ "name": "security_code_scan.SCS0027-1",
2988
+ "value": "security_code_scan.SCS0027-1"
2989
+ },
2990
+ {
2991
+ "type": "semgrep_id",
2992
+ "name": "security_code_scan.SCS0028-1",
2993
+ "value": "security_code_scan.SCS0028-1"
2994
+ },
2995
+ {
2996
+ "type": "semgrep_id",
2997
+ "name": "security_code_scan.SCS0029-1",
2998
+ "value": "security_code_scan.SCS0029-1"
2999
+ },
3000
+ {
3001
+ "type": "semgrep_id",
3002
+ "name": "security_code_scan.SCS0029-2",
3003
+ "value": "security_code_scan.SCS0029-2"
3004
+ },
3005
+ {
3006
+ "type": "semgrep_id",
3007
+ "name": "security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1",
3008
+ "value": "security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1"
3009
+ },
3010
+ {
3011
+ "type": "semgrep_id",
3012
+ "name": "security_code_scan.SCS0035-1",
3013
+ "value": "security_code_scan.SCS0035-1"
3014
+ },
3015
+ {
3016
+ "type": "semgrep_id",
3017
+ "name": "security_code_scan.SCS0035-2",
3018
+ "value": "security_code_scan.SCS0035-2"
3019
+ },
3020
+ {
3021
+ "type": "semgrep_id",
3022
+ "name": "yaml_spring_rule-SpringActuatorFullyEnabled",
3023
+ "value": "yaml_spring_rule-SpringActuatorFullyEnabled"
3024
+ }
3025
+ ],
3026
+ "type": "sast",
3027
+ "start_time": "2025-06-24T14:07:18",
3028
+ "end_time": "2025-06-24T14:07:34",
3029
+ "status": "success",
3030
+ "observability": {
3031
+ "events": [
3032
+ {
3033
+ "event": "collect_sast_scan_metrics_from_pipeline",
3034
+ "property": "becd775d-582f-423d-b2f6-6f3395f738c8",
3035
+ "label": "semgrep",
3036
+ "value": 0,
3037
+ "version": "6.3.2",
3038
+ "exit_code": 0,
3039
+ "override_count": 0,
3040
+ "passthrough_count": 0,
3041
+ "custom_exclude_path_count": 0,
3042
+ "time_s": 15,
3043
+ "file_count": 321
3044
+ }
3045
+ ]
3046
+ }
3047
+ }
3048
+ }