@stordata/vsphere-soapify 1.0.20250618020759 → 1.0.20250722140755

@@ -0,0 +1,3066 @@
1
+ {
2
+ "version": "15.1.4",
3
+ "vulnerabilities": [
4
+ {
5
+ "id": "8646136a771899e2fcd1f86f3216f6dd337537c591f09e104b0abd2422ecdd55",
6
+ "category": "sast",
7
+ "name": "Incorrect regular expression",
8
+ "description": "Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.\n",
9
+ "cve": "semgrep_id:nodejs_scan.javascript-dos-rule-regex_dos:19:20",
10
+ "severity": "Medium",
11
+ "scanner": {
12
+ "id": "semgrep",
13
+ "name": "Semgrep"
14
+ },
15
+ "location": {
16
+ "file": "lib/parser.js",
17
+ "start_line": 19,
18
+ "end_line": 20
19
+ },
20
+ "identifiers": [
21
+ {
22
+ "type": "semgrep_id",
23
+ "name": "nodejs_scan.javascript-dos-rule-regex_dos",
24
+ "value": "nodejs_scan.javascript-dos-rule-regex_dos"
25
+ },
26
+ {
27
+ "type": "cwe",
28
+ "name": "CWE-185",
29
+ "value": "185",
30
+ "url": "https://cwe.mitre.org/data/definitions/185.html"
31
+ },
32
+ {
33
+ "type": "owasp",
34
+ "name": "A05:2021 - Security Misconfiguration",
35
+ "value": "A05:2021"
36
+ },
37
+ {
38
+ "type": "owasp",
39
+ "name": "A6:2017 - Security Misconfiguration",
40
+ "value": "A6:2017"
41
+ },
42
+ {
43
+ "type": "njsscan_rule_type",
44
+ "name": "NodeJS Scan ID javascript-dos-rule-regex_dos",
45
+ "value": "Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service."
46
+ }
47
+ ]
48
+ }
49
+ ],
50
+ "scan": {
51
+ "analyzer": {
52
+ "id": "semgrep",
53
+ "name": "Semgrep",
54
+ "url": "https://gitlab.com/gitlab-org/security-products/analyzers/semgrep",
55
+ "vendor": {
56
+ "name": "GitLab"
57
+ },
58
+ "version": "6.5.0"
59
+ },
60
+ "scanner": {
61
+ "id": "semgrep",
62
+ "name": "Semgrep",
63
+ "url": "https://github.com/returntocorp/semgrep",
64
+ "vendor": {
65
+ "name": "GitLab"
66
+ },
67
+ "version": "1.118.0"
68
+ },
69
+ "primary_identifiers": [
70
+ {
71
+ "type": "semgrep_id",
72
+ "name": "bandit.B101",
73
+ "value": "bandit.B101"
74
+ },
75
+ {
76
+ "type": "semgrep_id",
77
+ "name": "bandit.B102",
78
+ "value": "bandit.B102"
79
+ },
80
+ {
81
+ "type": "semgrep_id",
82
+ "name": "bandit.B103",
83
+ "value": "bandit.B103"
84
+ },
85
+ {
86
+ "type": "semgrep_id",
87
+ "name": "bandit.B104",
88
+ "value": "bandit.B104"
89
+ },
90
+ {
91
+ "type": "semgrep_id",
92
+ "name": "bandit.B108",
93
+ "value": "bandit.B108"
94
+ },
95
+ {
96
+ "type": "semgrep_id",
97
+ "name": "bandit.B113",
98
+ "value": "bandit.B113"
99
+ },
100
+ {
101
+ "type": "semgrep_id",
102
+ "name": "bandit.B201",
103
+ "value": "bandit.B201"
104
+ },
105
+ {
106
+ "type": "semgrep_id",
107
+ "name": "bandit.B202",
108
+ "value": "bandit.B202"
109
+ },
110
+ {
111
+ "type": "semgrep_id",
112
+ "name": "bandit.B301-1",
113
+ "value": "bandit.B301-1"
114
+ },
115
+ {
116
+ "type": "semgrep_id",
117
+ "name": "bandit.B301-2",
118
+ "value": "bandit.B301-2"
119
+ },
120
+ {
121
+ "type": "semgrep_id",
122
+ "name": "bandit.B301-3",
123
+ "value": "bandit.B301-3"
124
+ },
125
+ {
126
+ "type": "semgrep_id",
127
+ "name": "bandit.B301-4",
128
+ "value": "bandit.B301-4"
129
+ },
130
+ {
131
+ "type": "semgrep_id",
132
+ "name": "bandit.B302",
133
+ "value": "bandit.B302"
134
+ },
135
+ {
136
+ "type": "semgrep_id",
137
+ "name": "bandit.B303-1",
138
+ "value": "bandit.B303-1"
139
+ },
140
+ {
141
+ "type": "semgrep_id",
142
+ "name": "bandit.B303-2",
143
+ "value": "bandit.B303-2"
144
+ },
145
+ {
146
+ "type": "semgrep_id",
147
+ "name": "bandit.B303-7",
148
+ "value": "bandit.B303-7"
149
+ },
150
+ {
151
+ "type": "semgrep_id",
152
+ "name": "bandit.B303-8",
153
+ "value": "bandit.B303-8"
154
+ },
155
+ {
156
+ "type": "semgrep_id",
157
+ "name": "bandit.B304-1",
158
+ "value": "bandit.B304-1"
159
+ },
160
+ {
161
+ "type": "semgrep_id",
162
+ "name": "bandit.B304-10",
163
+ "value": "bandit.B304-10"
164
+ },
165
+ {
166
+ "type": "semgrep_id",
167
+ "name": "bandit.B304-11",
168
+ "value": "bandit.B304-11"
169
+ },
170
+ {
171
+ "type": "semgrep_id",
172
+ "name": "bandit.B304-12",
173
+ "value": "bandit.B304-12"
174
+ },
175
+ {
176
+ "type": "semgrep_id",
177
+ "name": "bandit.B304-2",
178
+ "value": "bandit.B304-2"
179
+ },
180
+ {
181
+ "type": "semgrep_id",
182
+ "name": "bandit.B304-3",
183
+ "value": "bandit.B304-3"
184
+ },
185
+ {
186
+ "type": "semgrep_id",
187
+ "name": "bandit.B304-4",
188
+ "value": "bandit.B304-4"
189
+ },
190
+ {
191
+ "type": "semgrep_id",
192
+ "name": "bandit.B304-5",
193
+ "value": "bandit.B304-5"
194
+ },
195
+ {
196
+ "type": "semgrep_id",
197
+ "name": "bandit.B304-6",
198
+ "value": "bandit.B304-6"
199
+ },
200
+ {
201
+ "type": "semgrep_id",
202
+ "name": "bandit.B304-7",
203
+ "value": "bandit.B304-7"
204
+ },
205
+ {
206
+ "type": "semgrep_id",
207
+ "name": "bandit.B304-8",
208
+ "value": "bandit.B304-8"
209
+ },
210
+ {
211
+ "type": "semgrep_id",
212
+ "name": "bandit.B304-9",
213
+ "value": "bandit.B304-9"
214
+ },
215
+ {
216
+ "type": "semgrep_id",
217
+ "name": "bandit.B305",
218
+ "value": "bandit.B305"
219
+ },
220
+ {
221
+ "type": "semgrep_id",
222
+ "name": "bandit.B306",
223
+ "value": "bandit.B306"
224
+ },
225
+ {
226
+ "type": "semgrep_id",
227
+ "name": "bandit.B307",
228
+ "value": "bandit.B307"
229
+ },
230
+ {
231
+ "type": "semgrep_id",
232
+ "name": "bandit.B310-1",
233
+ "value": "bandit.B310-1"
234
+ },
235
+ {
236
+ "type": "semgrep_id",
237
+ "name": "bandit.B311",
238
+ "value": "bandit.B311"
239
+ },
240
+ {
241
+ "type": "semgrep_id",
242
+ "name": "bandit.B313",
243
+ "value": "bandit.B313"
244
+ },
245
+ {
246
+ "type": "semgrep_id",
247
+ "name": "bandit.B314",
248
+ "value": "bandit.B314"
249
+ },
250
+ {
251
+ "type": "semgrep_id",
252
+ "name": "bandit.B315",
253
+ "value": "bandit.B315"
254
+ },
255
+ {
256
+ "type": "semgrep_id",
257
+ "name": "bandit.B316",
258
+ "value": "bandit.B316"
259
+ },
260
+ {
261
+ "type": "semgrep_id",
262
+ "name": "bandit.B317",
263
+ "value": "bandit.B317"
264
+ },
265
+ {
266
+ "type": "semgrep_id",
267
+ "name": "bandit.B318",
268
+ "value": "bandit.B318"
269
+ },
270
+ {
271
+ "type": "semgrep_id",
272
+ "name": "bandit.B319",
273
+ "value": "bandit.B319"
274
+ },
275
+ {
276
+ "type": "semgrep_id",
277
+ "name": "bandit.B320",
278
+ "value": "bandit.B320"
279
+ },
280
+ {
281
+ "type": "semgrep_id",
282
+ "name": "bandit.B323",
283
+ "value": "bandit.B323"
284
+ },
285
+ {
286
+ "type": "semgrep_id",
287
+ "name": "bandit.B324",
288
+ "value": "bandit.B324"
289
+ },
290
+ {
291
+ "type": "semgrep_id",
292
+ "name": "bandit.B401",
293
+ "value": "bandit.B401"
294
+ },
295
+ {
296
+ "type": "semgrep_id",
297
+ "name": "bandit.B413",
298
+ "value": "bandit.B413"
299
+ },
300
+ {
301
+ "type": "semgrep_id",
302
+ "name": "bandit.B501",
303
+ "value": "bandit.B501"
304
+ },
305
+ {
306
+ "type": "semgrep_id",
307
+ "name": "bandit.B502",
308
+ "value": "bandit.B502"
309
+ },
310
+ {
311
+ "type": "semgrep_id",
312
+ "name": "bandit.B504",
313
+ "value": "bandit.B504"
314
+ },
315
+ {
316
+ "type": "semgrep_id",
317
+ "name": "bandit.B505-1",
318
+ "value": "bandit.B505-1"
319
+ },
320
+ {
321
+ "type": "semgrep_id",
322
+ "name": "bandit.B505-2",
323
+ "value": "bandit.B505-2"
324
+ },
325
+ {
326
+ "type": "semgrep_id",
327
+ "name": "bandit.B506",
328
+ "value": "bandit.B506"
329
+ },
330
+ {
331
+ "type": "semgrep_id",
332
+ "name": "bandit.B507",
333
+ "value": "bandit.B507"
334
+ },
335
+ {
336
+ "type": "semgrep_id",
337
+ "name": "bandit.B508",
338
+ "value": "bandit.B508"
339
+ },
340
+ {
341
+ "type": "semgrep_id",
342
+ "name": "bandit.B509",
343
+ "value": "bandit.B509"
344
+ },
345
+ {
346
+ "type": "semgrep_id",
347
+ "name": "bandit.B602",
348
+ "value": "bandit.B602"
349
+ },
350
+ {
351
+ "type": "semgrep_id",
352
+ "name": "bandit.B603",
353
+ "value": "bandit.B603"
354
+ },
355
+ {
356
+ "type": "semgrep_id",
357
+ "name": "bandit.B604",
358
+ "value": "bandit.B604"
359
+ },
360
+ {
361
+ "type": "semgrep_id",
362
+ "name": "bandit.B605",
363
+ "value": "bandit.B605"
364
+ },
365
+ {
366
+ "type": "semgrep_id",
367
+ "name": "bandit.B606",
368
+ "value": "bandit.B606"
369
+ },
370
+ {
371
+ "type": "semgrep_id",
372
+ "name": "bandit.B607",
373
+ "value": "bandit.B607"
374
+ },
375
+ {
376
+ "type": "semgrep_id",
377
+ "name": "bandit.B608",
378
+ "value": "bandit.B608"
379
+ },
380
+ {
381
+ "type": "semgrep_id",
382
+ "name": "bandit.B609",
383
+ "value": "bandit.B609"
384
+ },
385
+ {
386
+ "type": "semgrep_id",
387
+ "name": "bandit.B610",
388
+ "value": "bandit.B610"
389
+ },
390
+ {
391
+ "type": "semgrep_id",
392
+ "name": "bandit.B611",
393
+ "value": "bandit.B611"
394
+ },
395
+ {
396
+ "type": "semgrep_id",
397
+ "name": "bandit.B611",
398
+ "value": "bandit.B611"
399
+ },
400
+ {
401
+ "type": "semgrep_id",
402
+ "name": "bandit.B612",
403
+ "value": "bandit.B612"
404
+ },
405
+ {
406
+ "type": "semgrep_id",
407
+ "name": "bandit.B701",
408
+ "value": "bandit.B701"
409
+ },
410
+ {
411
+ "type": "semgrep_id",
412
+ "name": "bandit.B702",
413
+ "value": "bandit.B702"
414
+ },
415
+ {
416
+ "type": "semgrep_id",
417
+ "name": "bandit.B703",
418
+ "value": "bandit.B703"
419
+ },
420
+ {
421
+ "type": "semgrep_id",
422
+ "name": "brakeman.ruby_cookie_rule-CheckCookieStoreSessionSecurityAttributes",
423
+ "value": "brakeman.ruby_cookie_rule-CheckCookieStoreSessionSecurityAttributes"
424
+ },
425
+ {
426
+ "type": "semgrep_id",
427
+ "name": "brakeman.ruby_cookie_rule-CookieSerialization",
428
+ "value": "brakeman.ruby_cookie_rule-CookieSerialization"
429
+ },
430
+ {
431
+ "type": "semgrep_id",
432
+ "name": "brakeman.ruby_crypto_rule-InsufficientRSAKeySize",
433
+ "value": "brakeman.ruby_crypto_rule-InsufficientRSAKeySize"
434
+ },
435
+ {
436
+ "type": "semgrep_id",
437
+ "name": "brakeman.ruby_crypto_rule-WeakHashesMD5",
438
+ "value": "brakeman.ruby_crypto_rule-WeakHashesMD5"
439
+ },
440
+ {
441
+ "type": "semgrep_id",
442
+ "name": "brakeman.ruby_crypto_rule-WeakHashesSHA1",
443
+ "value": "brakeman.ruby_crypto_rule-WeakHashesSHA1"
444
+ },
445
+ {
446
+ "type": "semgrep_id",
447
+ "name": "brakeman.ruby_csrf_rule-MissingCSRFProtection",
448
+ "value": "brakeman.ruby_csrf_rule-MissingCSRFProtection"
449
+ },
450
+ {
451
+ "type": "semgrep_id",
452
+ "name": "brakeman.ruby_deserialization_rule-BadDeserialization",
453
+ "value": "brakeman.ruby_deserialization_rule-BadDeserialization"
454
+ },
455
+ {
456
+ "type": "semgrep_id",
457
+ "name": "brakeman.ruby_deserialization_rule-BadDeserializationEnv",
458
+ "value": "brakeman.ruby_deserialization_rule-BadDeserializationEnv"
459
+ },
460
+ {
461
+ "type": "semgrep_id",
462
+ "name": "brakeman.ruby_deserialization_rule-BadDeserializationYAML",
463
+ "value": "brakeman.ruby_deserialization_rule-BadDeserializationYAML"
464
+ },
465
+ {
466
+ "type": "semgrep_id",
467
+ "name": "brakeman.ruby_error_rule-DivideByZero",
468
+ "value": "brakeman.ruby_error_rule-DivideByZero"
469
+ },
470
+ {
471
+ "type": "semgrep_id",
472
+ "name": "brakeman.ruby_escaping_rule-JSONEntityEscape",
473
+ "value": "brakeman.ruby_escaping_rule-JSONEntityEscape"
474
+ },
475
+ {
476
+ "type": "semgrep_id",
477
+ "name": "brakeman.ruby_eval_rule-NoEval",
478
+ "value": "brakeman.ruby_eval_rule-NoEval"
479
+ },
480
+ {
481
+ "type": "semgrep_id",
482
+ "name": "brakeman.ruby_exceptions_rule-DetailedExceptions",
483
+ "value": "brakeman.ruby_exceptions_rule-DetailedExceptions"
484
+ },
485
+ {
486
+ "type": "semgrep_id",
487
+ "name": "brakeman.ruby_file_rule-AvoidTaintedFileAccess",
488
+ "value": "brakeman.ruby_file_rule-AvoidTaintedFileAccess"
489
+ },
490
+ {
491
+ "type": "semgrep_id",
492
+ "name": "brakeman.ruby_file_rule-CheckRenderLocalFileInclude",
493
+ "value": "brakeman.ruby_file_rule-CheckRenderLocalFileInclude"
494
+ },
495
+ {
496
+ "type": "semgrep_id",
497
+ "name": "brakeman.ruby_file_rule-CheckSendFile",
498
+ "value": "brakeman.ruby_file_rule-CheckSendFile"
499
+ },
500
+ {
501
+ "type": "semgrep_id",
502
+ "name": "brakeman.ruby_filter_rule-CheckBeforeFilter",
503
+ "value": "brakeman.ruby_filter_rule-CheckBeforeFilter"
504
+ },
505
+ {
506
+ "type": "semgrep_id",
507
+ "name": "brakeman.ruby_find_rule-CheckUnscopedFind",
508
+ "value": "brakeman.ruby_find_rule-CheckUnscopedFind"
509
+ },
510
+ {
511
+ "type": "semgrep_id",
512
+ "name": "brakeman.ruby_ftp_rule-AvoidTaintedFTPCall",
513
+ "value": "brakeman.ruby_ftp_rule-AvoidTaintedFTPCall"
514
+ },
515
+ {
516
+ "type": "semgrep_id",
517
+ "name": "brakeman.ruby_http_rule-AvoidTaintedHTTPRequest",
518
+ "value": "brakeman.ruby_http_rule-AvoidTaintedHTTPRequest"
519
+ },
520
+ {
521
+ "type": "semgrep_id",
522
+ "name": "brakeman.ruby_http_rule-CheckHTTPVerbConfusion",
523
+ "value": "brakeman.ruby_http_rule-CheckHTTPVerbConfusion"
524
+ },
525
+ {
526
+ "type": "semgrep_id",
527
+ "name": "brakeman.ruby_injection_rule-AvoidTaintedShellCall",
528
+ "value": "brakeman.ruby_injection_rule-AvoidTaintedShellCall"
529
+ },
530
+ {
531
+ "type": "semgrep_id",
532
+ "name": "brakeman.ruby_injection_rule-BadSend",
533
+ "value": "brakeman.ruby_injection_rule-BadSend"
534
+ },
535
+ {
536
+ "type": "semgrep_id",
537
+ "name": "brakeman.ruby_injection_rule-DangerousExec",
538
+ "value": "brakeman.ruby_injection_rule-DangerousExec"
539
+ },
540
+ {
541
+ "type": "semgrep_id",
542
+ "name": "brakeman.ruby_mass_assignment_rule-ModelAttrAccessible",
543
+ "value": "brakeman.ruby_mass_assignment_rule-ModelAttrAccessible"
544
+ },
545
+ {
546
+ "type": "semgrep_id",
547
+ "name": "brakeman.ruby_mass_assignment_rule-UnprotectedMassAssign",
548
+ "value": "brakeman.ruby_mass_assignment_rule-UnprotectedMassAssign"
549
+ },
550
+ {
551
+ "type": "semgrep_id",
552
+ "name": "brakeman.ruby_redirect_rule-CheckRedirectTo",
553
+ "value": "brakeman.ruby_redirect_rule-CheckRedirectTo"
554
+ },
555
+ {
556
+ "type": "semgrep_id",
557
+ "name": "brakeman.ruby_reflection_rule-CheckUnsafeReflection",
558
+ "value": "brakeman.ruby_reflection_rule-CheckUnsafeReflection"
559
+ },
560
+ {
561
+ "type": "semgrep_id",
562
+ "name": "brakeman.ruby_reflection_rule-CheckUnsafeReflectionMethods",
563
+ "value": "brakeman.ruby_reflection_rule-CheckUnsafeReflectionMethods"
564
+ },
565
+ {
566
+ "type": "semgrep_id",
567
+ "name": "brakeman.ruby_regex_rule-CheckRegexDOS",
568
+ "value": "brakeman.ruby_regex_rule-CheckRegexDOS"
569
+ },
570
+ {
571
+ "type": "semgrep_id",
572
+ "name": "brakeman.ruby_regex_rule-CheckValidationRegex",
573
+ "value": "brakeman.ruby_regex_rule-CheckValidationRegex"
574
+ },
575
+ {
576
+ "type": "semgrep_id",
577
+ "name": "brakeman.ruby_routes_rule-AvoidDefaultRoutes",
578
+ "value": "brakeman.ruby_routes_rule-AvoidDefaultRoutes"
579
+ },
580
+ {
581
+ "type": "semgrep_id",
582
+ "name": "brakeman.ruby_session_rule-AvoidSessionManipulation",
583
+ "value": "brakeman.ruby_session_rule-AvoidSessionManipulation"
584
+ },
585
+ {
586
+ "type": "semgrep_id",
587
+ "name": "brakeman.ruby_sql_rule-CheckSQL",
588
+ "value": "brakeman.ruby_sql_rule-CheckSQL"
589
+ },
590
+ {
591
+ "type": "semgrep_id",
592
+ "name": "brakeman.ruby_ssl_rule-ForceSSLFalse",
593
+ "value": "brakeman.ruby_ssl_rule-ForceSSLFalse"
594
+ },
595
+ {
596
+ "type": "semgrep_id",
597
+ "name": "brakeman.ruby_ssl_rule-SSLModeNoVerify",
598
+ "value": "brakeman.ruby_ssl_rule-SSLModeNoVerify"
599
+ },
600
+ {
601
+ "type": "semgrep_id",
602
+ "name": "brakeman.ruby_xss_rule-AvoidLinkTo",
603
+ "value": "brakeman.ruby_xss_rule-AvoidLinkTo"
604
+ },
605
+ {
606
+ "type": "semgrep_id",
607
+ "name": "brakeman.ruby_xss_rule-AvoidRenderInline",
608
+ "value": "brakeman.ruby_xss_rule-AvoidRenderInline"
609
+ },
610
+ {
611
+ "type": "semgrep_id",
612
+ "name": "brakeman.ruby_xss_rule-AvoidRenderText",
613
+ "value": "brakeman.ruby_xss_rule-AvoidRenderText"
614
+ },
615
+ {
616
+ "type": "semgrep_id",
617
+ "name": "brakeman.ruby_xss_rule-ManualTemplateCreation",
618
+ "value": "brakeman.ruby_xss_rule-ManualTemplateCreation"
619
+ },
620
+ {
621
+ "type": "semgrep_id",
622
+ "name": "eslint.detect-buffer-noassert-read",
623
+ "value": "eslint.detect-buffer-noassert-read",
624
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-buffer-noassert.js"
625
+ },
626
+ {
627
+ "type": "semgrep_id",
628
+ "name": "eslint.detect-buffer-noassert-write",
629
+ "value": "eslint.detect-buffer-noassert-write",
630
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-buffer-noassert.js"
631
+ },
632
+ {
633
+ "type": "semgrep_id",
634
+ "name": "eslint.detect-disable-mustache-escape",
635
+ "value": "eslint.detect-disable-mustache-escape"
636
+ },
637
+ {
638
+ "type": "semgrep_id",
639
+ "name": "eslint.detect-eval-with-expression",
640
+ "value": "eslint.detect-eval-with-expression",
641
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-eval-with-expression.js"
642
+ },
643
+ {
644
+ "type": "semgrep_id",
645
+ "name": "eslint.detect-new-buffer",
646
+ "value": "eslint.detect-new-buffer",
647
+ "url": "https://github.com/eslint-community/eslint-plugin-security/blob/main/rules/detect-new-buffer.js"
648
+ },
649
+ {
650
+ "type": "semgrep_id",
651
+ "name": "eslint.detect-non-literal-fs-filename",
652
+ "value": "eslint.detect-non-literal-fs-filename"
653
+ },
654
+ {
655
+ "type": "semgrep_id",
656
+ "name": "eslint.detect-non-literal-regexp",
657
+ "value": "eslint.detect-non-literal-regexp"
658
+ },
659
+ {
660
+ "type": "semgrep_id",
661
+ "name": "eslint.detect-non-literal-require",
662
+ "value": "eslint.detect-non-literal-require",
663
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-require.js"
664
+ },
665
+ {
666
+ "type": "semgrep_id",
667
+ "name": "eslint.detect-possible-timing-attacks",
668
+ "value": "eslint.detect-possible-timing-attacks"
669
+ },
670
+ {
671
+ "type": "semgrep_id",
672
+ "name": "eslint.detect-pseudoRandomBytes",
673
+ "value": "eslint.detect-pseudoRandomBytes",
674
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-pseudoRandomBytes.js"
675
+ },
676
+ {
677
+ "type": "semgrep_id",
678
+ "name": "eslint.react-dangerouslysetinnerhtml",
679
+ "value": "eslint.react-dangerouslysetinnerhtml"
680
+ },
681
+ {
682
+ "type": "semgrep_id",
683
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION-1",
684
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION-1"
685
+ },
686
+ {
687
+ "type": "semgrep_id",
688
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE-1",
689
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE-1"
690
+ },
691
+ {
692
+ "type": "semgrep_id",
693
+ "name": "find_sec_bugs.CIPHER_INTEGRITY-1",
694
+ "value": "find_sec_bugs.CIPHER_INTEGRITY-1"
695
+ },
696
+ {
697
+ "type": "semgrep_id",
698
+ "name": "find_sec_bugs.COMMAND_INJECTION-1",
699
+ "value": "find_sec_bugs.COMMAND_INJECTION-1"
700
+ },
701
+ {
702
+ "type": "semgrep_id",
703
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1",
704
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1"
705
+ },
706
+ {
707
+ "type": "semgrep_id",
708
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1",
709
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1"
710
+ },
711
+ {
712
+ "type": "semgrep_id",
713
+ "name": "find_sec_bugs.DEFAULT_HTTP_CLIENT-1",
714
+ "value": "find_sec_bugs.DEFAULT_HTTP_CLIENT-1"
715
+ },
716
+ {
717
+ "type": "semgrep_id",
718
+ "name": "find_sec_bugs.DES_USAGE-1",
719
+ "value": "find_sec_bugs.DES_USAGE-1"
720
+ },
721
+ {
722
+ "type": "semgrep_id",
723
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
724
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
725
+ },
726
+ {
727
+ "type": "semgrep_id",
728
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
729
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
730
+ },
731
+ {
732
+ "type": "semgrep_id",
733
+ "name": "find_sec_bugs.ECB_MODE-1",
734
+ "value": "find_sec_bugs.ECB_MODE-1"
735
+ },
736
+ {
737
+ "type": "semgrep_id",
738
+ "name": "find_sec_bugs.EL_INJECTION-1",
739
+ "value": "find_sec_bugs.EL_INJECTION-1"
740
+ },
741
+ {
742
+ "type": "semgrep_id",
743
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1",
744
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1"
745
+ },
746
+ {
747
+ "type": "semgrep_id",
748
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME-1",
749
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME-1"
750
+ },
751
+ {
752
+ "type": "semgrep_id",
753
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1",
754
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1"
755
+ },
756
+ {
757
+ "type": "semgrep_id",
758
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD-1",
759
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD-1"
760
+ },
761
+ {
762
+ "type": "semgrep_id",
763
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1",
764
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1"
765
+ },
766
+ {
767
+ "type": "semgrep_id",
768
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1",
769
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1"
770
+ },
771
+ {
772
+ "type": "semgrep_id",
773
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1",
774
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1"
775
+ },
776
+ {
777
+ "type": "semgrep_id",
778
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1",
779
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1"
780
+ },
781
+ {
782
+ "type": "semgrep_id",
783
+ "name": "find_sec_bugs.INSECURE_COOKIE-1",
784
+ "value": "find_sec_bugs.INSECURE_COOKIE-1"
785
+ },
786
+ {
787
+ "type": "semgrep_id",
788
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL-1",
789
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL-1"
790
+ },
791
+ {
792
+ "type": "semgrep_id",
793
+ "name": "find_sec_bugs.LDAP_ANONYMOUS-1",
794
+ "value": "find_sec_bugs.LDAP_ANONYMOUS-1"
795
+ },
796
+ {
797
+ "type": "semgrep_id",
798
+ "name": "find_sec_bugs.LDAP_INJECTION-1",
799
+ "value": "find_sec_bugs.LDAP_INJECTION-1"
800
+ },
801
+ {
802
+ "type": "semgrep_id",
803
+ "name": "find_sec_bugs.MALICIOUS_XSLT-1",
804
+ "value": "find_sec_bugs.MALICIOUS_XSLT-1"
805
+ },
806
+ {
807
+ "type": "semgrep_id",
808
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1",
809
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1"
810
+ },
811
+ {
812
+ "type": "semgrep_id",
813
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1",
814
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1"
815
+ },
816
+ {
817
+ "type": "semgrep_id",
818
+ "name": "find_sec_bugs.NULL_CIPHER-1",
819
+ "value": "find_sec_bugs.NULL_CIPHER-1"
820
+ },
821
+ {
822
+ "type": "semgrep_id",
823
+ "name": "find_sec_bugs.OGNL_INJECTION-1",
824
+ "value": "find_sec_bugs.OGNL_INJECTION-1"
825
+ },
826
+ {
827
+ "type": "semgrep_id",
828
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1",
829
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1"
830
+ },
831
+ {
832
+ "type": "semgrep_id",
833
+ "name": "find_sec_bugs.PADDING_ORACLE-1",
834
+ "value": "find_sec_bugs.PADDING_ORACLE-1"
835
+ },
836
+ {
837
+ "type": "semgrep_id",
838
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
839
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
840
+ },
841
+ {
842
+ "type": "semgrep_id",
843
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1",
844
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1"
845
+ },
846
+ {
847
+ "type": "semgrep_id",
848
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1",
849
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1"
850
+ },
851
+ {
852
+ "type": "semgrep_id",
853
+ "name": "find_sec_bugs.RSA_KEY_SIZE-1",
854
+ "value": "find_sec_bugs.RSA_KEY_SIZE-1"
855
+ },
856
+ {
857
+ "type": "semgrep_id",
858
+ "name": "find_sec_bugs.RSA_NO_PADDING-1",
859
+ "value": "find_sec_bugs.RSA_NO_PADDING-1"
860
+ },
861
+ {
862
+ "type": "semgrep_id",
863
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS-1",
864
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS-1"
865
+ },
866
+ {
867
+ "type": "semgrep_id",
868
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
869
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
870
+ },
871
+ {
872
+ "type": "semgrep_id",
873
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2",
874
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2"
875
+ },
876
+ {
877
+ "type": "semgrep_id",
878
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION-1",
879
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION-1"
880
+ },
881
+ {
882
+ "type": "semgrep_id",
883
+ "name": "find_sec_bugs.SPRING_FILE_DISCLOSURE-1",
884
+ "value": "find_sec_bugs.SPRING_FILE_DISCLOSURE-1"
885
+ },
886
+ {
887
+ "type": "semgrep_id",
888
+ "name": "find_sec_bugs.SSL_CONTEXT-1",
889
+ "value": "find_sec_bugs.SSL_CONTEXT-1"
890
+ },
891
+ {
892
+ "type": "semgrep_id",
893
+ "name": "find_sec_bugs.SSL_CONTEXT-2",
894
+ "value": "find_sec_bugs.SSL_CONTEXT-2"
895
+ },
896
+ {
897
+ "type": "semgrep_id",
898
+ "name": "find_sec_bugs.TDES_USAGE-1",
899
+ "value": "find_sec_bugs.TDES_USAGE-1"
900
+ },
901
+ {
902
+ "type": "semgrep_id",
903
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
904
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
905
+ },
906
+ {
907
+ "type": "semgrep_id",
908
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
909
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
910
+ },
911
+ {
912
+ "type": "semgrep_id",
913
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD-1",
914
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD-1"
915
+ },
916
+ {
917
+ "type": "semgrep_id",
918
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS-1",
919
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS-1"
920
+ },
921
+ {
922
+ "type": "semgrep_id",
923
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER",
924
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER"
925
+ },
926
+ {
927
+ "type": "semgrep_id",
928
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
929
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
930
+ },
931
+ {
932
+ "type": "semgrep_id",
933
+ "name": "find_sec_bugs.WEAK_TRUST_MANAGER",
934
+ "value": "find_sec_bugs.WEAK_TRUST_MANAGER"
935
+ },
936
+ {
937
+ "type": "semgrep_id",
938
+ "name": "find_sec_bugs.WICKET_XSS1-1",
939
+ "value": "find_sec_bugs.WICKET_XSS1-1"
940
+ },
941
+ {
942
+ "type": "semgrep_id",
943
+ "name": "find_sec_bugs.XML_DECODER-1",
944
+ "value": "find_sec_bugs.XML_DECODER-1"
945
+ },
946
+ {
947
+ "type": "semgrep_id",
948
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1",
949
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1"
950
+ },
951
+ {
952
+ "type": "semgrep_id",
953
+ "name": "find_sec_bugs.XXE_XMLREADER-1",
954
+ "value": "find_sec_bugs.XXE_XMLREADER-1"
955
+ },
956
+ {
957
+ "type": "semgrep_id",
958
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION-1",
959
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION-1"
960
+ },
961
+ {
962
+ "type": "semgrep_id",
963
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE-1",
964
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE-1"
965
+ },
966
+ {
967
+ "type": "semgrep_id",
968
+ "name": "find_sec_bugs.CIPHER_INTEGRITY-1",
969
+ "value": "find_sec_bugs.CIPHER_INTEGRITY-1"
970
+ },
971
+ {
972
+ "type": "semgrep_id",
973
+ "name": "find_sec_bugs.COMMAND_INJECTION-1",
974
+ "value": "find_sec_bugs.COMMAND_INJECTION-1"
975
+ },
976
+ {
977
+ "type": "semgrep_id",
978
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1",
979
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1"
980
+ },
981
+ {
982
+ "type": "semgrep_id",
983
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1",
984
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION-1"
985
+ },
986
+ {
987
+ "type": "semgrep_id",
988
+ "name": "find_sec_bugs.DES_USAGE-1",
989
+ "value": "find_sec_bugs.DES_USAGE-1"
990
+ },
991
+ {
992
+ "type": "semgrep_id",
993
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
994
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
995
+ },
996
+ {
997
+ "type": "semgrep_id",
998
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
999
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
1000
+ },
1001
+ {
1002
+ "type": "semgrep_id",
1003
+ "name": "find_sec_bugs.ECB_MODE-1",
1004
+ "value": "find_sec_bugs.ECB_MODE-1"
1005
+ },
1006
+ {
1007
+ "type": "semgrep_id",
1008
+ "name": "find_sec_bugs.EL_INJECTION-1",
1009
+ "value": "find_sec_bugs.EL_INJECTION-1"
1010
+ },
1011
+ {
1012
+ "type": "semgrep_id",
1013
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1",
1014
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL-1"
1015
+ },
1016
+ {
1017
+ "type": "semgrep_id",
1018
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME-1",
1019
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME-1"
1020
+ },
1021
+ {
1022
+ "type": "semgrep_id",
1023
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1",
1024
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION-1"
1025
+ },
1026
+ {
1027
+ "type": "semgrep_id",
1028
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD-1",
1029
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD-1"
1030
+ },
1031
+ {
1032
+ "type": "semgrep_id",
1033
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1",
1034
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1"
1035
+ },
1036
+ {
1037
+ "type": "semgrep_id",
1038
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1",
1039
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER-1"
1040
+ },
1041
+ {
1042
+ "type": "semgrep_id",
1043
+ "name": "find_sec_bugs.HTTPONLY_COOKIE-1",
1044
+ "value": "find_sec_bugs.HTTPONLY_COOKIE-1"
1045
+ },
1046
+ {
1047
+ "type": "semgrep_id",
1048
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1",
1049
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION-1"
1050
+ },
1051
+ {
1052
+ "type": "semgrep_id",
1053
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1",
1054
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING-1"
1055
+ },
1056
+ {
1057
+ "type": "semgrep_id",
1058
+ "name": "find_sec_bugs.INSECURE_COOKIE-1",
1059
+ "value": "find_sec_bugs.INSECURE_COOKIE-1"
1060
+ },
1061
+ {
1062
+ "type": "semgrep_id",
1063
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL-1",
1064
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL-1"
1065
+ },
1066
+ {
1067
+ "type": "semgrep_id",
1068
+ "name": "find_sec_bugs.LDAP_ANONYMOUS-1",
1069
+ "value": "find_sec_bugs.LDAP_ANONYMOUS-1"
1070
+ },
1071
+ {
1072
+ "type": "semgrep_id",
1073
+ "name": "find_sec_bugs.LDAP_INJECTION-1",
1074
+ "value": "find_sec_bugs.LDAP_INJECTION-1"
1075
+ },
1076
+ {
1077
+ "type": "semgrep_id",
1078
+ "name": "find_sec_bugs.MALICIOUS_XSLT-1",
1079
+ "value": "find_sec_bugs.MALICIOUS_XSLT-1"
1080
+ },
1081
+ {
1082
+ "type": "semgrep_id",
1083
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1",
1084
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION-1"
1085
+ },
1086
+ {
1087
+ "type": "semgrep_id",
1088
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1",
1089
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION-1"
1090
+ },
1091
+ {
1092
+ "type": "semgrep_id",
1093
+ "name": "find_sec_bugs.NULL_CIPHER-1",
1094
+ "value": "find_sec_bugs.NULL_CIPHER-1"
1095
+ },
1096
+ {
1097
+ "type": "semgrep_id",
1098
+ "name": "find_sec_bugs.OGNL_INJECTION-1",
1099
+ "value": "find_sec_bugs.OGNL_INJECTION-1"
1100
+ },
1101
+ {
1102
+ "type": "semgrep_id",
1103
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1",
1104
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-1"
1105
+ },
1106
+ {
1107
+ "type": "semgrep_id",
1108
+ "name": "find_sec_bugs.PADDING_ORACLE-1",
1109
+ "value": "find_sec_bugs.PADDING_ORACLE-1"
1110
+ },
1111
+ {
1112
+ "type": "semgrep_id",
1113
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
1114
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
1115
+ },
1116
+ {
1117
+ "type": "semgrep_id",
1118
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1",
1119
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL-1"
1120
+ },
1121
+ {
1122
+ "type": "semgrep_id",
1123
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1",
1124
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1"
1125
+ },
1126
+ {
1127
+ "type": "semgrep_id",
1128
+ "name": "find_sec_bugs.RSA_KEY_SIZE-1",
1129
+ "value": "find_sec_bugs.RSA_KEY_SIZE-1"
1130
+ },
1131
+ {
1132
+ "type": "semgrep_id",
1133
+ "name": "find_sec_bugs.RSA_NO_PADDING-1",
1134
+ "value": "find_sec_bugs.RSA_NO_PADDING-1"
1135
+ },
1136
+ {
1137
+ "type": "semgrep_id",
1138
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS-1",
1139
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS-1"
1140
+ },
1141
+ {
1142
+ "type": "semgrep_id",
1143
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
1144
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
1145
+ },
1146
+ {
1147
+ "type": "semgrep_id",
1148
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION-1",
1149
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION-1"
1150
+ },
1151
+ {
1152
+ "type": "semgrep_id",
1153
+ "name": "find_sec_bugs.SPRING_CSRF_PROTECTION_DISABLED-1",
1154
+ "value": "find_sec_bugs.SPRING_CSRF_PROTECTION_DISABLED-1"
1155
+ },
1156
+ {
1157
+ "type": "semgrep_id",
1158
+ "name": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SQL_INJECTION-1.SQL_INJECTION_HIBERNATE-1.SQL_INJECTION_VERTX-1.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING-1",
1159
+ "value": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SQL_INJECTION-1.SQL_INJECTION_HIBERNATE-1.SQL_INJECTION_VERTX-1.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING-1"
1160
+ },
1161
+ {
1162
+ "type": "semgrep_id",
1163
+ "name": "find_sec_bugs.SSL_CONTEXT-1",
1164
+ "value": "find_sec_bugs.SSL_CONTEXT-1"
1165
+ },
1166
+ {
1167
+ "type": "semgrep_id",
1168
+ "name": "find_sec_bugs.SSL_CONTEXT-2",
1169
+ "value": "find_sec_bugs.SSL_CONTEXT-2"
1170
+ },
1171
+ {
1172
+ "type": "semgrep_id",
1173
+ "name": "find_sec_bugs.TDES_USAGE-1",
1174
+ "value": "find_sec_bugs.TDES_USAGE-1"
1175
+ },
1176
+ {
1177
+ "type": "semgrep_id",
1178
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
1179
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
1180
+ },
1181
+ {
1182
+ "type": "semgrep_id",
1183
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
1184
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
1185
+ },
1186
+ {
1187
+ "type": "semgrep_id",
1188
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD-1",
1189
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD-1"
1190
+ },
1191
+ {
1192
+ "type": "semgrep_id",
1193
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS-1",
1194
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS-1"
1195
+ },
1196
+ {
1197
+ "type": "semgrep_id",
1198
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1",
1199
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1"
1200
+ },
1201
+ {
1202
+ "type": "semgrep_id",
1203
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
1204
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
1205
+ },
1206
+ {
1207
+ "type": "semgrep_id",
1208
+ "name": "find_sec_bugs.WICKET_XSS1-1",
1209
+ "value": "find_sec_bugs.WICKET_XSS1-1"
1210
+ },
1211
+ {
1212
+ "type": "semgrep_id",
1213
+ "name": "find_sec_bugs.XML_DECODER-1",
1214
+ "value": "find_sec_bugs.XML_DECODER-1"
1215
+ },
1216
+ {
1217
+ "type": "semgrep_id",
1218
+ "name": "find_sec_bugs.XPATH_INJECTION-1",
1219
+ "value": "find_sec_bugs.XPATH_INJECTION-1"
1220
+ },
1221
+ {
1222
+ "type": "semgrep_id",
1223
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1",
1224
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER-1"
1225
+ },
1226
+ {
1227
+ "type": "semgrep_id",
1228
+ "name": "find_sec_bugs.XXE_SAXPARSER-1",
1229
+ "value": "find_sec_bugs.XXE_SAXPARSER-1"
1230
+ },
1231
+ {
1232
+ "type": "semgrep_id",
1233
+ "name": "find_sec_bugs.XXE_XMLREADER-1",
1234
+ "value": "find_sec_bugs.XXE_XMLREADER-1"
1235
+ },
1236
+ {
1237
+ "type": "semgrep_id",
1238
+ "name": "find_sec_bugs.XXE_XMLSTREAMREADER-1",
1239
+ "value": "find_sec_bugs.XXE_XMLSTREAMREADER-1"
1240
+ },
1241
+ {
1242
+ "type": "semgrep_id",
1243
+ "name": "find_sec_bugs.AWS_QUERY_INJECTION",
1244
+ "value": "find_sec_bugs.AWS_QUERY_INJECTION"
1245
+ },
1246
+ {
1247
+ "type": "semgrep_id",
1248
+ "name": "find_sec_bugs.BAD_HEXA_CONVERSION",
1249
+ "value": "find_sec_bugs.BAD_HEXA_CONVERSION"
1250
+ },
1251
+ {
1252
+ "type": "semgrep_id",
1253
+ "name": "find_sec_bugs.BEAN_PROPERTY_INJECTION",
1254
+ "value": "find_sec_bugs.BEAN_PROPERTY_INJECTION"
1255
+ },
1256
+ {
1257
+ "type": "semgrep_id",
1258
+ "name": "find_sec_bugs.BLOWFISH_KEY_SIZE",
1259
+ "value": "find_sec_bugs.BLOWFISH_KEY_SIZE"
1260
+ },
1261
+ {
1262
+ "type": "semgrep_id",
1263
+ "name": "find_sec_bugs.CIPHER_INTEGRITY",
1264
+ "value": "find_sec_bugs.CIPHER_INTEGRITY"
1265
+ },
1266
+ {
1267
+ "type": "semgrep_id",
1268
+ "name": "find_sec_bugs.COMMAND_INJECTION-1.SCALA_COMMAND_INJECTION-1",
1269
+ "value": "find_sec_bugs.COMMAND_INJECTION-1.SCALA_COMMAND_INJECTION-1"
1270
+ },
1271
+ {
1272
+ "type": "semgrep_id",
1273
+ "name": "find_sec_bugs.COOKIE_PERSISTENT",
1274
+ "value": "find_sec_bugs.COOKIE_PERSISTENT"
1275
+ },
1276
+ {
1277
+ "type": "semgrep_id",
1278
+ "name": "find_sec_bugs.COOKIE_USAGE",
1279
+ "value": "find_sec_bugs.COOKIE_USAGE"
1280
+ },
1281
+ {
1282
+ "type": "semgrep_id",
1283
+ "name": "find_sec_bugs.CRLF_INJECTION_LOGS",
1284
+ "value": "find_sec_bugs.CRLF_INJECTION_LOGS"
1285
+ },
1286
+ {
1287
+ "type": "semgrep_id",
1288
+ "name": "find_sec_bugs.CUSTOM_INJECTION",
1289
+ "value": "find_sec_bugs.CUSTOM_INJECTION"
1290
+ },
1291
+ {
1292
+ "type": "semgrep_id",
1293
+ "name": "find_sec_bugs.CUSTOM_INJECTION-2",
1294
+ "value": "find_sec_bugs.CUSTOM_INJECTION-2"
1295
+ },
1296
+ {
1297
+ "type": "semgrep_id",
1298
+ "name": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST",
1299
+ "value": "find_sec_bugs.CUSTOM_MESSAGE_DIGEST"
1300
+ },
1301
+ {
1302
+ "type": "semgrep_id",
1303
+ "name": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION",
1304
+ "value": "find_sec_bugs.DANGEROUS_PERMISSION_COMBINATION"
1305
+ },
1306
+ {
1307
+ "type": "semgrep_id",
1308
+ "name": "find_sec_bugs.DEFAULT_HTTP_CLIENT",
1309
+ "value": "find_sec_bugs.DEFAULT_HTTP_CLIENT"
1310
+ },
1311
+ {
1312
+ "type": "semgrep_id",
1313
+ "name": "find_sec_bugs.DES_USAGE",
1314
+ "value": "find_sec_bugs.DES_USAGE"
1315
+ },
1316
+ {
1317
+ "type": "semgrep_id",
1318
+ "name": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3",
1319
+ "value": "find_sec_bugs.DMI_CONSTANT_DB_PASSWORD-1.HARD_CODE_PASSWORD-3"
1320
+ },
1321
+ {
1322
+ "type": "semgrep_id",
1323
+ "name": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2",
1324
+ "value": "find_sec_bugs.DMI_EMPTY_DB_PASSWORD-1.HARD_CODE_PASSWORD-2"
1325
+ },
1326
+ {
1327
+ "type": "semgrep_id",
1328
+ "name": "find_sec_bugs.ECB_MODE",
1329
+ "value": "find_sec_bugs.ECB_MODE"
1330
+ },
1331
+ {
1332
+ "type": "semgrep_id",
1333
+ "name": "find_sec_bugs.EL_INJECTION",
1334
+ "value": "find_sec_bugs.EL_INJECTION"
1335
+ },
1336
+ {
1337
+ "type": "semgrep_id",
1338
+ "name": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL",
1339
+ "value": "find_sec_bugs.EXTERNAL_CONFIG_CONTROL"
1340
+ },
1341
+ {
1342
+ "type": "semgrep_id",
1343
+ "name": "find_sec_bugs.FILE_UPLOAD_FILENAME",
1344
+ "value": "find_sec_bugs.FILE_UPLOAD_FILENAME"
1345
+ },
1346
+ {
1347
+ "type": "semgrep_id",
1348
+ "name": "find_sec_bugs.FORMAT_STRING_MANIPULATION",
1349
+ "value": "find_sec_bugs.FORMAT_STRING_MANIPULATION"
1350
+ },
1351
+ {
1352
+ "type": "semgrep_id",
1353
+ "name": "find_sec_bugs.HARD_CODE_PASSWORD",
1354
+ "value": "find_sec_bugs.HARD_CODE_PASSWORD"
1355
+ },
1356
+ {
1357
+ "type": "semgrep_id",
1358
+ "name": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION",
1359
+ "value": "find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION"
1360
+ },
1361
+ {
1362
+ "type": "semgrep_id",
1363
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_COOKIE",
1364
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_COOKIE"
1365
+ },
1366
+ {
1367
+ "type": "semgrep_id",
1368
+ "name": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER",
1369
+ "value": "find_sec_bugs.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"
1370
+ },
1371
+ {
1372
+ "type": "semgrep_id",
1373
+ "name": "find_sec_bugs.HTTPONLY_COOKIE",
1374
+ "value": "find_sec_bugs.HTTPONLY_COOKIE"
1375
+ },
1376
+ {
1377
+ "type": "semgrep_id",
1378
+ "name": "find_sec_bugs.HTTP_PARAMETER_POLLUTION",
1379
+ "value": "find_sec_bugs.HTTP_PARAMETER_POLLUTION"
1380
+ },
1381
+ {
1382
+ "type": "semgrep_id",
1383
+ "name": "find_sec_bugs.HTTP_RESPONSE_SPLITTING",
1384
+ "value": "find_sec_bugs.HTTP_RESPONSE_SPLITTING"
1385
+ },
1386
+ {
1387
+ "type": "semgrep_id",
1388
+ "name": "find_sec_bugs.IMPROPER_UNICODE",
1389
+ "value": "find_sec_bugs.IMPROPER_UNICODE"
1390
+ },
1391
+ {
1392
+ "type": "semgrep_id",
1393
+ "name": "find_sec_bugs.INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE",
1394
+ "value": "find_sec_bugs.INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE"
1395
+ },
1396
+ {
1397
+ "type": "semgrep_id",
1398
+ "name": "find_sec_bugs.INSECURE_COOKIE",
1399
+ "value": "find_sec_bugs.INSECURE_COOKIE"
1400
+ },
1401
+ {
1402
+ "type": "semgrep_id",
1403
+ "name": "find_sec_bugs.INSECURE_SMTP_SSL",
1404
+ "value": "find_sec_bugs.INSECURE_SMTP_SSL"
1405
+ },
1406
+ {
1407
+ "type": "semgrep_id",
1408
+ "name": "find_sec_bugs.JAXRS_ENDPOINT",
1409
+ "value": "find_sec_bugs.JAXRS_ENDPOINT"
1410
+ },
1411
+ {
1412
+ "type": "semgrep_id",
1413
+ "name": "find_sec_bugs.JAXWS_ENDPOINT",
1414
+ "value": "find_sec_bugs.JAXWS_ENDPOINT"
1415
+ },
1416
+ {
1417
+ "type": "semgrep_id",
1418
+ "name": "find_sec_bugs.LDAP_ANONYMOUS",
1419
+ "value": "find_sec_bugs.LDAP_ANONYMOUS"
1420
+ },
1421
+ {
1422
+ "type": "semgrep_id",
1423
+ "name": "find_sec_bugs.LDAP_ENTRY_POISONING",
1424
+ "value": "find_sec_bugs.LDAP_ENTRY_POISONING"
1425
+ },
1426
+ {
1427
+ "type": "semgrep_id",
1428
+ "name": "find_sec_bugs.LDAP_INJECTION",
1429
+ "value": "find_sec_bugs.LDAP_INJECTION"
1430
+ },
1431
+ {
1432
+ "type": "semgrep_id",
1433
+ "name": "find_sec_bugs.MALICIOUS_XSLT",
1434
+ "value": "find_sec_bugs.MALICIOUS_XSLT"
1435
+ },
1436
+ {
1437
+ "type": "semgrep_id",
1438
+ "name": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION",
1439
+ "value": "find_sec_bugs.MODIFICATION_AFTER_VALIDATION"
1440
+ },
1441
+ {
1442
+ "type": "semgrep_id",
1443
+ "name": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION",
1444
+ "value": "find_sec_bugs.NORMALIZATION_AFTER_VALIDATION"
1445
+ },
1446
+ {
1447
+ "type": "semgrep_id",
1448
+ "name": "find_sec_bugs.NULL_CIPHER",
1449
+ "value": "find_sec_bugs.NULL_CIPHER"
1450
+ },
1451
+ {
1452
+ "type": "semgrep_id",
1453
+ "name": "find_sec_bugs.OGNL_INJECTION",
1454
+ "value": "find_sec_bugs.OGNL_INJECTION"
1455
+ },
1456
+ {
1457
+ "type": "semgrep_id",
1458
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION",
1459
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION"
1460
+ },
1461
+ {
1462
+ "type": "semgrep_id",
1463
+ "name": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-2",
1464
+ "value": "find_sec_bugs.OVERLY_PERMISSIVE_FILE_PERMISSION-2"
1465
+ },
1466
+ {
1467
+ "type": "semgrep_id",
1468
+ "name": "find_sec_bugs.PADDING_ORACLE",
1469
+ "value": "find_sec_bugs.PADDING_ORACLE"
1470
+ },
1471
+ {
1472
+ "type": "semgrep_id",
1473
+ "name": "find_sec_bugs.PATH_TRAVERSAL_IN-1.SCALA_PATH_TRAVERSAL_IN-1",
1474
+ "value": "find_sec_bugs.PATH_TRAVERSAL_IN-1.SCALA_PATH_TRAVERSAL_IN-1"
1475
+ },
1476
+ {
1477
+ "type": "semgrep_id",
1478
+ "name": "find_sec_bugs.PATH_TRAVERSAL_OUT",
1479
+ "value": "find_sec_bugs.PATH_TRAVERSAL_OUT"
1480
+ },
1481
+ {
1482
+ "type": "semgrep_id",
1483
+ "name": "find_sec_bugs.PERMISSIVE_CORS",
1484
+ "value": "find_sec_bugs.PERMISSIVE_CORS"
1485
+ },
1486
+ {
1487
+ "type": "semgrep_id",
1488
+ "name": "find_sec_bugs.PERMISSIVE_CORS-2",
1489
+ "value": "find_sec_bugs.PERMISSIVE_CORS-2"
1490
+ },
1491
+ {
1492
+ "type": "semgrep_id",
1493
+ "name": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL",
1494
+ "value": "find_sec_bugs.PT_ABSOLUTE_PATH_TRAVERSAL"
1495
+ },
1496
+ {
1497
+ "type": "semgrep_id",
1498
+ "name": "find_sec_bugs.PT_RELATIVE_PATH_TRAVERSAL",
1499
+ "value": "find_sec_bugs.PT_RELATIVE_PATH_TRAVERSAL"
1500
+ },
1501
+ {
1502
+ "type": "semgrep_id",
1503
+ "name": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1",
1504
+ "value": "find_sec_bugs.REQUESTDISPATCHER_FILE_DISCLOSURE-1.STRUTS_FILE_DISCLOSURE-1.SPRING_FILE_DISCLOSURE-1"
1505
+ },
1506
+ {
1507
+ "type": "semgrep_id",
1508
+ "name": "find_sec_bugs.RPC_ENABLED_EXTENSIONS",
1509
+ "value": "find_sec_bugs.RPC_ENABLED_EXTENSIONS"
1510
+ },
1511
+ {
1512
+ "type": "semgrep_id",
1513
+ "name": "find_sec_bugs.RSA_KEY_SIZE",
1514
+ "value": "find_sec_bugs.RSA_KEY_SIZE"
1515
+ },
1516
+ {
1517
+ "type": "semgrep_id",
1518
+ "name": "find_sec_bugs.RSA_NO_PADDING",
1519
+ "value": "find_sec_bugs.RSA_NO_PADDING"
1520
+ },
1521
+ {
1522
+ "type": "semgrep_id",
1523
+ "name": "find_sec_bugs.SAML_IGNORE_COMMENTS",
1524
+ "value": "find_sec_bugs.SAML_IGNORE_COMMENTS"
1525
+ },
1526
+ {
1527
+ "type": "semgrep_id",
1528
+ "name": "find_sec_bugs.SCALA_PLAY_SSRF",
1529
+ "value": "find_sec_bugs.SCALA_PLAY_SSRF"
1530
+ },
1531
+ {
1532
+ "type": "semgrep_id",
1533
+ "name": "find_sec_bugs.SCALA_SENSITIVE_DATA_EXPOSURE",
1534
+ "value": "find_sec_bugs.SCALA_SENSITIVE_DATA_EXPOSURE"
1535
+ },
1536
+ {
1537
+ "type": "semgrep_id",
1538
+ "name": "find_sec_bugs.SCALA_XSS_MVC_API",
1539
+ "value": "find_sec_bugs.SCALA_XSS_MVC_API"
1540
+ },
1541
+ {
1542
+ "type": "semgrep_id",
1543
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1",
1544
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-1.SPEL_INJECTION-1.EL_INJECTION-2.SEAM_LOG_INJECTION-1"
1545
+ },
1546
+ {
1547
+ "type": "semgrep_id",
1548
+ "name": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2",
1549
+ "value": "find_sec_bugs.SCRIPT_ENGINE_INJECTION-2"
1550
+ },
1551
+ {
1552
+ "type": "semgrep_id",
1553
+ "name": "find_sec_bugs.SMTP_HEADER_INJECTION",
1554
+ "value": "find_sec_bugs.SMTP_HEADER_INJECTION"
1555
+ },
1556
+ {
1557
+ "type": "semgrep_id",
1558
+ "name": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SCALA_SQL_INJECTION_SLICK-1",
1559
+ "value": "find_sec_bugs.SQL_INJECTION_SPRING_JDBC-1.SQL_INJECTION_JPA-1.SQL_INJECTION_JDO-1.SQL_INJECTION_JDBC-1.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE-1.SCALA_SQL_INJECTION_SLICK-1"
1560
+ },
1561
+ {
1562
+ "type": "semgrep_id",
1563
+ "name": "find_sec_bugs.SSL_CONTEXT",
1564
+ "value": "find_sec_bugs.SSL_CONTEXT"
1565
+ },
1566
+ {
1567
+ "type": "semgrep_id",
1568
+ "name": "find_sec_bugs.STRUTS_FORM_VALIDATION",
1569
+ "value": "find_sec_bugs.STRUTS_FORM_VALIDATION"
1570
+ },
1571
+ {
1572
+ "type": "semgrep_id",
1573
+ "name": "find_sec_bugs.TDES_USAGE",
1574
+ "value": "find_sec_bugs.TDES_USAGE"
1575
+ },
1576
+ {
1577
+ "type": "semgrep_id",
1578
+ "name": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1",
1579
+ "value": "find_sec_bugs.TEMPLATE_INJECTION_PEBBLE-1.TEMPLATE_INJECTION_FREEMARKER-1.TEMPLATE_INJECTION_VELOCITY-1"
1580
+ },
1581
+ {
1582
+ "type": "semgrep_id",
1583
+ "name": "find_sec_bugs.TRUST_BOUNDARY_VIOLATION",
1584
+ "value": "find_sec_bugs.TRUST_BOUNDARY_VIOLATION"
1585
+ },
1586
+ {
1587
+ "type": "semgrep_id",
1588
+ "name": "find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1",
1589
+ "value": "find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1"
1590
+ },
1591
+ {
1592
+ "type": "semgrep_id",
1593
+ "name": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1",
1594
+ "value": "find_sec_bugs.UNVALIDATED_REDIRECT-1.URL_REWRITING-1"
1595
+ },
1596
+ {
1597
+ "type": "semgrep_id",
1598
+ "name": "find_sec_bugs.URLCONNECTION_SSRF_FD",
1599
+ "value": "find_sec_bugs.URLCONNECTION_SSRF_FD"
1600
+ },
1601
+ {
1602
+ "type": "semgrep_id",
1603
+ "name": "find_sec_bugs.WEAK_FILENAMEUTILS",
1604
+ "value": "find_sec_bugs.WEAK_FILENAMEUTILS"
1605
+ },
1606
+ {
1607
+ "type": "semgrep_id",
1608
+ "name": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1",
1609
+ "value": "find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1"
1610
+ },
1611
+ {
1612
+ "type": "semgrep_id",
1613
+ "name": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1",
1614
+ "value": "find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1"
1615
+ },
1616
+ {
1617
+ "type": "semgrep_id",
1618
+ "name": "find_sec_bugs.WICKET_XSS1",
1619
+ "value": "find_sec_bugs.WICKET_XSS1"
1620
+ },
1621
+ {
1622
+ "type": "semgrep_id",
1623
+ "name": "find_sec_bugs.XML_DECODER",
1624
+ "value": "find_sec_bugs.XML_DECODER"
1625
+ },
1626
+ {
1627
+ "type": "semgrep_id",
1628
+ "name": "find_sec_bugs.XPATH_INJECTION",
1629
+ "value": "find_sec_bugs.XPATH_INJECTION"
1630
+ },
1631
+ {
1632
+ "type": "semgrep_id",
1633
+ "name": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER",
1634
+ "value": "find_sec_bugs.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"
1635
+ },
1636
+ {
1637
+ "type": "semgrep_id",
1638
+ "name": "find_sec_bugs.XSS_REQUEST_WRAPPER",
1639
+ "value": "find_sec_bugs.XSS_REQUEST_WRAPPER"
1640
+ },
1641
+ {
1642
+ "type": "semgrep_id",
1643
+ "name": "find_sec_bugs.XSS_SERVLET",
1644
+ "value": "find_sec_bugs.XSS_SERVLET"
1645
+ },
1646
+ {
1647
+ "type": "semgrep_id",
1648
+ "name": "find_sec_bugs.XXE_DOCUMENT",
1649
+ "value": "find_sec_bugs.XXE_DOCUMENT"
1650
+ },
1651
+ {
1652
+ "type": "semgrep_id",
1653
+ "name": "find_sec_bugs.XXE_DTD_TRANSFORM_FACTORY-1.XXE_XSLT_TRANSFORM_FACTORY-1",
1654
+ "value": "find_sec_bugs.XXE_DTD_TRANSFORM_FACTORY-1.XXE_XSLT_TRANSFORM_FACTORY-1"
1655
+ },
1656
+ {
1657
+ "type": "semgrep_id",
1658
+ "name": "find_sec_bugs.XXE_SAXPARSER",
1659
+ "value": "find_sec_bugs.XXE_SAXPARSER"
1660
+ },
1661
+ {
1662
+ "type": "semgrep_id",
1663
+ "name": "find_sec_bugs.XXE_XMLREADER",
1664
+ "value": "find_sec_bugs.XXE_XMLREADER"
1665
+ },
1666
+ {
1667
+ "type": "semgrep_id",
1668
+ "name": "find_sec_bugs.XXE_XMLSTREAMREADER",
1669
+ "value": "find_sec_bugs.XXE_XMLSTREAMREADER"
1670
+ },
1671
+ {
1672
+ "type": "semgrep_id",
1673
+ "name": "find_sec_bugs.XXE_XPATH",
1674
+ "value": "find_sec_bugs.XXE_XPATH"
1675
+ },
1676
+ {
1677
+ "type": "semgrep_id",
1678
+ "name": "flawfinder.AddAccessAllowedAce-1",
1679
+ "value": "flawfinder.AddAccessAllowedAce-1"
1680
+ },
1681
+ {
1682
+ "type": "semgrep_id",
1683
+ "name": "flawfinder.CreateProcess-1",
1684
+ "value": "flawfinder.CreateProcess-1"
1685
+ },
1686
+ {
1687
+ "type": "semgrep_id",
1688
+ "name": "flawfinder.CreateProcessAsUser-1.CreateProcessWithLogon-1",
1689
+ "value": "flawfinder.CreateProcessAsUser-1.CreateProcessWithLogon-1"
1690
+ },
1691
+ {
1692
+ "type": "semgrep_id",
1693
+ "name": "flawfinder.EVP_des_ecb-1.EVP_des_cbc-1.EVP_des_cfb-1.EVP_des_ofb-1.EVP_desx_cbc-1",
1694
+ "value": "flawfinder.EVP_des_ecb-1.EVP_des_cbc-1.EVP_des_cfb-1.EVP_des_ofb-1.EVP_desx_cbc-1"
1695
+ },
1696
+ {
1697
+ "type": "semgrep_id",
1698
+ "name": "flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1",
1699
+ "value": "flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1"
1700
+ },
1701
+ {
1702
+ "type": "semgrep_id",
1703
+ "name": "flawfinder.GetTempFileName-1",
1704
+ "value": "flawfinder.GetTempFileName-1"
1705
+ },
1706
+ {
1707
+ "type": "semgrep_id",
1708
+ "name": "flawfinder.LoadLibrary-1",
1709
+ "value": "flawfinder.LoadLibrary-1"
1710
+ },
1711
+ {
1712
+ "type": "semgrep_id",
1713
+ "name": "flawfinder.LoadLibraryEx-1",
1714
+ "value": "flawfinder.LoadLibraryEx-1"
1715
+ },
1716
+ {
1717
+ "type": "semgrep_id",
1718
+ "name": "flawfinder.MultiByteToWideChar-1",
1719
+ "value": "flawfinder.MultiByteToWideChar-1"
1720
+ },
1721
+ {
1722
+ "type": "semgrep_id",
1723
+ "name": "flawfinder.RpcImpersonateClient-1.ImpersonateLoggedOnUser-1.CoImpersonateClient-1.ImpersonateNamedPipeClient-1.ImpersonateDdeClientWindow-1.ImpersonateSecurityContext-1.SetThreadToken-1",
1724
+ "value": "flawfinder.RpcImpersonateClient-1.ImpersonateLoggedOnUser-1.CoImpersonateClient-1.ImpersonateNamedPipeClient-1.ImpersonateDdeClientWindow-1.ImpersonateSecurityContext-1.SetThreadToken-1"
1725
+ },
1726
+ {
1727
+ "type": "semgrep_id",
1728
+ "name": "flawfinder.SetSecurityDescriptorDacl-1",
1729
+ "value": "flawfinder.SetSecurityDescriptorDacl-1"
1730
+ },
1731
+ {
1732
+ "type": "semgrep_id",
1733
+ "name": "flawfinder.StrCat-1.StrCatA-1.StrcatW-1.lstrcatA-1.lstrcatW-1.strCatBuff-1.StrCatBuffA-1.StrCatBuffW-1.StrCatChainW-1._tccat-1._mbccat-1._ftcscat-1.StrCatN-1.StrCatNA-1.StrCatNW-1.StrNCat-1.StrNCatA-1.StrNCatW-1.lstrncat-1.lstrcatnA-1.lstrcatnW-1",
1734
+ "value": "flawfinder.StrCat-1.StrCatA-1.StrcatW-1.lstrcatA-1.lstrcatW-1.strCatBuff-1.StrCatBuffA-1.StrCatBuffW-1.StrCatChainW-1._tccat-1._mbccat-1._ftcscat-1.StrCatN-1.StrCatNA-1.StrCatNW-1.StrNCat-1.StrNCatA-1.StrNCatW-1.lstrncat-1.lstrcatnA-1.lstrcatnW-1"
1735
+ },
1736
+ {
1737
+ "type": "semgrep_id",
1738
+ "name": "flawfinder.access-1",
1739
+ "value": "flawfinder.access-1"
1740
+ },
1741
+ {
1742
+ "type": "semgrep_id",
1743
+ "name": "flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1",
1744
+ "value": "flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1"
1745
+ },
1746
+ {
1747
+ "type": "semgrep_id",
1748
+ "name": "flawfinder.chmod-1",
1749
+ "value": "flawfinder.chmod-1"
1750
+ },
1751
+ {
1752
+ "type": "semgrep_id",
1753
+ "name": "flawfinder.chown-1",
1754
+ "value": "flawfinder.chown-1"
1755
+ },
1756
+ {
1757
+ "type": "semgrep_id",
1758
+ "name": "flawfinder.crypt-1.crypt_r-1",
1759
+ "value": "flawfinder.crypt-1.crypt_r-1"
1760
+ },
1761
+ {
1762
+ "type": "semgrep_id",
1763
+ "name": "flawfinder.cuserid-1",
1764
+ "value": "flawfinder.cuserid-1"
1765
+ },
1766
+ {
1767
+ "type": "semgrep_id",
1768
+ "name": "flawfinder.drand48-1.erand48-1.jrand48-1.lcong48-1.lrand48-1.mrand48-1.nrand48-1.random-1.seed48-1.setstate-1.srand-1.strfry-1.srandom-1.g_rand_boolean-1.g_rand_int-1.g_rand_int_range-1.g_rand_double-1.g_rand_double_range-1.g_random_boolean-1.g_random_int-1.g_random_int_range-1.g_random_double-1.g_random_double_range-1",
1769
+ "value": "flawfinder.drand48-1.erand48-1.jrand48-1.lcong48-1.lrand48-1.mrand48-1.nrand48-1.random-1.seed48-1.setstate-1.srand-1.strfry-1.srandom-1.g_rand_boolean-1.g_rand_int-1.g_rand_int_range-1.g_rand_double-1.g_rand_double_range-1.g_random_boolean-1.g_random_int-1.g_random_int_range-1.g_random_double-1.g_random_double_range-1"
1770
+ },
1771
+ {
1772
+ "type": "semgrep_id",
1773
+ "name": "flawfinder.execl-1.execlp-1.execle-1.execv-1.execvp-1.popen-1.WinExec-1.ShellExecute-1",
1774
+ "value": "flawfinder.execl-1.execlp-1.execle-1.execv-1.execvp-1.popen-1.WinExec-1.ShellExecute-1"
1775
+ },
1776
+ {
1777
+ "type": "semgrep_id",
1778
+ "name": "flawfinder.fopen-1.open-1",
1779
+ "value": "flawfinder.fopen-1.open-1"
1780
+ },
1781
+ {
1782
+ "type": "semgrep_id",
1783
+ "name": "flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1",
1784
+ "value": "flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1"
1785
+ },
1786
+ {
1787
+ "type": "semgrep_id",
1788
+ "name": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1",
1789
+ "value": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1"
1790
+ },
1791
+ {
1792
+ "type": "semgrep_id",
1793
+ "name": "flawfinder.g_get_home_dir-1",
1794
+ "value": "flawfinder.g_get_home_dir-1"
1795
+ },
1796
+ {
1797
+ "type": "semgrep_id",
1798
+ "name": "flawfinder.g_get_tmp_dir-1",
1799
+ "value": "flawfinder.g_get_tmp_dir-1"
1800
+ },
1801
+ {
1802
+ "type": "semgrep_id",
1803
+ "name": "flawfinder.getenv-1.curl_getenv-1",
1804
+ "value": "flawfinder.getenv-1.curl_getenv-1"
1805
+ },
1806
+ {
1807
+ "type": "semgrep_id",
1808
+ "name": "flawfinder.getlogin-1",
1809
+ "value": "flawfinder.getlogin-1"
1810
+ },
1811
+ {
1812
+ "type": "semgrep_id",
1813
+ "name": "flawfinder.getpass-1",
1814
+ "value": "flawfinder.getpass-1"
1815
+ },
1816
+ {
1817
+ "type": "semgrep_id",
1818
+ "name": "flawfinder.gets-1._getts-1",
1819
+ "value": "flawfinder.gets-1._getts-1"
1820
+ },
1821
+ {
1822
+ "type": "semgrep_id",
1823
+ "name": "flawfinder.getwd-1",
1824
+ "value": "flawfinder.getwd-1"
1825
+ },
1826
+ {
1827
+ "type": "semgrep_id",
1828
+ "name": "flawfinder.gsignal-1.ssignal-1",
1829
+ "value": "flawfinder.gsignal-1.ssignal-1"
1830
+ },
1831
+ {
1832
+ "type": "semgrep_id",
1833
+ "name": "flawfinder.lstrcat-1.wcscat-1._tcscat-1._mbscat-1",
1834
+ "value": "flawfinder.lstrcat-1.wcscat-1._tcscat-1._mbscat-1"
1835
+ },
1836
+ {
1837
+ "type": "semgrep_id",
1838
+ "name": "flawfinder.lstrcatn-1.wcsncat-1._tcsncat-1._mbsnbcat-1",
1839
+ "value": "flawfinder.lstrcatn-1.wcsncat-1._tcsncat-1._mbsnbcat-1"
1840
+ },
1841
+ {
1842
+ "type": "semgrep_id",
1843
+ "name": "flawfinder.lstrcpy-1.wcscpy-1._tcscpy-1._mbscpy-1",
1844
+ "value": "flawfinder.lstrcpy-1.wcscpy-1._tcscpy-1._mbscpy-1"
1845
+ },
1846
+ {
1847
+ "type": "semgrep_id",
1848
+ "name": "flawfinder.lstrcpyn-1.wcsncpy-1._tcsncpy-1._mbsnbcpy-1",
1849
+ "value": "flawfinder.lstrcpyn-1.wcsncpy-1._tcsncpy-1._mbsnbcpy-1"
1850
+ },
1851
+ {
1852
+ "type": "semgrep_id",
1853
+ "name": "flawfinder.memalign-1",
1854
+ "value": "flawfinder.memalign-1"
1855
+ },
1856
+ {
1857
+ "type": "semgrep_id",
1858
+ "name": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1",
1859
+ "value": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1"
1860
+ },
1861
+ {
1862
+ "type": "semgrep_id",
1863
+ "name": "flawfinder.mkstemp-1",
1864
+ "value": "flawfinder.mkstemp-1"
1865
+ },
1866
+ {
1867
+ "type": "semgrep_id",
1868
+ "name": "flawfinder.mktemp-1",
1869
+ "value": "flawfinder.mktemp-1"
1870
+ },
1871
+ {
1872
+ "type": "semgrep_id",
1873
+ "name": "flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1",
1874
+ "value": "flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1"
1875
+ },
1876
+ {
1877
+ "type": "semgrep_id",
1878
+ "name": "flawfinder.readlink-1",
1879
+ "value": "flawfinder.readlink-1"
1880
+ },
1881
+ {
1882
+ "type": "semgrep_id",
1883
+ "name": "flawfinder.realpath-1",
1884
+ "value": "flawfinder.realpath-1"
1885
+ },
1886
+ {
1887
+ "type": "semgrep_id",
1888
+ "name": "flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1",
1889
+ "value": "flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1"
1890
+ },
1891
+ {
1892
+ "type": "semgrep_id",
1893
+ "name": "flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1",
1894
+ "value": "flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1"
1895
+ },
1896
+ {
1897
+ "type": "semgrep_id",
1898
+ "name": "flawfinder.sprintf-1.vsprintf-1.swprintf-1.vswprintf-1._stprintf-1._vstprintf-1",
1899
+ "value": "flawfinder.sprintf-1.vsprintf-1.swprintf-1.vswprintf-1._stprintf-1._vstprintf-1"
1900
+ },
1901
+ {
1902
+ "type": "semgrep_id",
1903
+ "name": "flawfinder.strcat-1",
1904
+ "value": "flawfinder.strcat-1"
1905
+ },
1906
+ {
1907
+ "type": "semgrep_id",
1908
+ "name": "flawfinder.strccpy-1.strcadd-1",
1909
+ "value": "flawfinder.strccpy-1.strcadd-1"
1910
+ },
1911
+ {
1912
+ "type": "semgrep_id",
1913
+ "name": "flawfinder.strcpy-1",
1914
+ "value": "flawfinder.strcpy-1"
1915
+ },
1916
+ {
1917
+ "type": "semgrep_id",
1918
+ "name": "flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1",
1919
+ "value": "flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1"
1920
+ },
1921
+ {
1922
+ "type": "semgrep_id",
1923
+ "name": "flawfinder.streadd-1.strecpy-1",
1924
+ "value": "flawfinder.streadd-1.strecpy-1"
1925
+ },
1926
+ {
1927
+ "type": "semgrep_id",
1928
+ "name": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1",
1929
+ "value": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1"
1930
+ },
1931
+ {
1932
+ "type": "semgrep_id",
1933
+ "name": "flawfinder.strncat-1",
1934
+ "value": "flawfinder.strncat-1"
1935
+ },
1936
+ {
1937
+ "type": "semgrep_id",
1938
+ "name": "flawfinder.strncpy-1",
1939
+ "value": "flawfinder.strncpy-1"
1940
+ },
1941
+ {
1942
+ "type": "semgrep_id",
1943
+ "name": "flawfinder.strtrns-1",
1944
+ "value": "flawfinder.strtrns-1"
1945
+ },
1946
+ {
1947
+ "type": "semgrep_id",
1948
+ "name": "flawfinder.syslog-1",
1949
+ "value": "flawfinder.syslog-1"
1950
+ },
1951
+ {
1952
+ "type": "semgrep_id",
1953
+ "name": "flawfinder.system-1",
1954
+ "value": "flawfinder.system-1"
1955
+ },
1956
+ {
1957
+ "type": "semgrep_id",
1958
+ "name": "flawfinder.tmpfile-1",
1959
+ "value": "flawfinder.tmpfile-1"
1960
+ },
1961
+ {
1962
+ "type": "semgrep_id",
1963
+ "name": "flawfinder.tmpnam-1.tempnam-1",
1964
+ "value": "flawfinder.tmpnam-1.tempnam-1"
1965
+ },
1966
+ {
1967
+ "type": "semgrep_id",
1968
+ "name": "flawfinder.ulimit-1",
1969
+ "value": "flawfinder.ulimit-1"
1970
+ },
1971
+ {
1972
+ "type": "semgrep_id",
1973
+ "name": "flawfinder.umask-1",
1974
+ "value": "flawfinder.umask-1"
1975
+ },
1976
+ {
1977
+ "type": "semgrep_id",
1978
+ "name": "flawfinder.usleep-1",
1979
+ "value": "flawfinder.usleep-1"
1980
+ },
1981
+ {
1982
+ "type": "semgrep_id",
1983
+ "name": "flawfinder.vfork-1",
1984
+ "value": "flawfinder.vfork-1"
1985
+ },
1986
+ {
1987
+ "type": "semgrep_id",
1988
+ "name": "generic_injection_rule-BiDiTrojanSource",
1989
+ "value": "generic_injection_rule-BiDiTrojanSource"
1990
+ },
1991
+ {
1992
+ "type": "semgrep_id",
1993
+ "name": "gosec.G102-1",
1994
+ "value": "gosec.G102-1"
1995
+ },
1996
+ {
1997
+ "type": "semgrep_id",
1998
+ "name": "gosec.G103-1",
1999
+ "value": "gosec.G103-1"
2000
+ },
2001
+ {
2002
+ "type": "semgrep_id",
2003
+ "name": "gosec.G106-1",
2004
+ "value": "gosec.G106-1"
2005
+ },
2006
+ {
2007
+ "type": "semgrep_id",
2008
+ "name": "gosec.G107-1",
2009
+ "value": "gosec.G107-1"
2010
+ },
2011
+ {
2012
+ "type": "semgrep_id",
2013
+ "name": "gosec.G108-1",
2014
+ "value": "gosec.G108-1"
2015
+ },
2016
+ {
2017
+ "type": "semgrep_id",
2018
+ "name": "gosec.G109-1",
2019
+ "value": "gosec.G109-1"
2020
+ },
2021
+ {
2022
+ "type": "semgrep_id",
2023
+ "name": "gosec.G110-1",
2024
+ "value": "gosec.G110-1"
2025
+ },
2026
+ {
2027
+ "type": "semgrep_id",
2028
+ "name": "gosec.G111-1",
2029
+ "value": "gosec.G111-1"
2030
+ },
2031
+ {
2032
+ "type": "semgrep_id",
2033
+ "name": "gosec.G114-1",
2034
+ "value": "gosec.G114-1"
2035
+ },
2036
+ {
2037
+ "type": "semgrep_id",
2038
+ "name": "gosec.G202-1",
2039
+ "value": "gosec.G202-1"
2040
+ },
2041
+ {
2042
+ "type": "semgrep_id",
2043
+ "name": "gosec.G203-1",
2044
+ "value": "gosec.G203-1"
2045
+ },
2046
+ {
2047
+ "type": "semgrep_id",
2048
+ "name": "gosec.G204-1",
2049
+ "value": "gosec.G204-1"
2050
+ },
2051
+ {
2052
+ "type": "semgrep_id",
2053
+ "name": "gosec.G301-1",
2054
+ "value": "gosec.G301-1"
2055
+ },
2056
+ {
2057
+ "type": "semgrep_id",
2058
+ "name": "gosec.G302-1",
2059
+ "value": "gosec.G302-1"
2060
+ },
2061
+ {
2062
+ "type": "semgrep_id",
2063
+ "name": "gosec.G303-1",
2064
+ "value": "gosec.G303-1"
2065
+ },
2066
+ {
2067
+ "type": "semgrep_id",
2068
+ "name": "gosec.G304-1",
2069
+ "value": "gosec.G304-1"
2070
+ },
2071
+ {
2072
+ "type": "semgrep_id",
2073
+ "name": "gosec.G305-1",
2074
+ "value": "gosec.G305-1"
2075
+ },
2076
+ {
2077
+ "type": "semgrep_id",
2078
+ "name": "gosec.G306-1",
2079
+ "value": "gosec.G306-1"
2080
+ },
2081
+ {
2082
+ "type": "semgrep_id",
2083
+ "name": "gosec.G402-1",
2084
+ "value": "gosec.G402-1"
2085
+ },
2086
+ {
2087
+ "type": "semgrep_id",
2088
+ "name": "gosec.G402-2",
2089
+ "value": "gosec.G402-2"
2090
+ },
2091
+ {
2092
+ "type": "semgrep_id",
2093
+ "name": "gosec.G403-1",
2094
+ "value": "gosec.G403-1"
2095
+ },
2096
+ {
2097
+ "type": "semgrep_id",
2098
+ "name": "gosec.G404-1",
2099
+ "value": "gosec.G404-1"
2100
+ },
2101
+ {
2102
+ "type": "semgrep_id",
2103
+ "name": "gosec.G501-1",
2104
+ "value": "gosec.G501-1"
2105
+ },
2106
+ {
2107
+ "type": "semgrep_id",
2108
+ "name": "gosec.G502-1",
2109
+ "value": "gosec.G502-1"
2110
+ },
2111
+ {
2112
+ "type": "semgrep_id",
2113
+ "name": "gosec.G503-1",
2114
+ "value": "gosec.G503-1"
2115
+ },
2116
+ {
2117
+ "type": "semgrep_id",
2118
+ "name": "gosec.G505-1",
2119
+ "value": "gosec.G505-1"
2120
+ },
2121
+ {
2122
+ "type": "semgrep_id",
2123
+ "name": "gosec.G601-1",
2124
+ "value": "gosec.G601-1"
2125
+ },
2126
+ {
2127
+ "type": "semgrep_id",
2128
+ "name": "java_cookie_rule-CookieHTTPOnly",
2129
+ "value": "java_cookie_rule-CookieHTTPOnly"
2130
+ },
2131
+ {
2132
+ "type": "semgrep_id",
2133
+ "name": "java_crypto_rule-DisallowOldTLSVersion",
2134
+ "value": "java_crypto_rule-DisallowOldTLSVersion"
2135
+ },
2136
+ {
2137
+ "type": "semgrep_id",
2138
+ "name": "java_crypto_rule-GCMNonceReuse",
2139
+ "value": "java_crypto_rule-GCMNonceReuse"
2140
+ },
2141
+ {
2142
+ "type": "semgrep_id",
2143
+ "name": "java_crypto_rule-HTTPUrlConnectionHTTPRequest",
2144
+ "value": "java_crypto_rule-HTTPUrlConnectionHTTPRequest"
2145
+ },
2146
+ {
2147
+ "type": "semgrep_id",
2148
+ "name": "java_crypto_rule-HttpComponentsRequest",
2149
+ "value": "java_crypto_rule-HttpComponentsRequest"
2150
+ },
2151
+ {
2152
+ "type": "semgrep_id",
2153
+ "name": "java_crypto_rule-HttpGetHTTPRequest",
2154
+ "value": "java_crypto_rule-HttpGetHTTPRequest"
2155
+ },
2156
+ {
2157
+ "type": "semgrep_id",
2158
+ "name": "java_crypto_rule-SocketRequestUnsafeProtocols",
2159
+ "value": "java_crypto_rule-SocketRequestUnsafeProtocols"
2160
+ },
2161
+ {
2162
+ "type": "semgrep_id",
2163
+ "name": "java_crypto_rule-SpringFTPRequest",
2164
+ "value": "java_crypto_rule-SpringFTPRequest"
2165
+ },
2166
+ {
2167
+ "type": "semgrep_id",
2168
+ "name": "java_crypto_rule-SpringHTTPRequestRestTemplate",
2169
+ "value": "java_crypto_rule-SpringHTTPRequestRestTemplate"
2170
+ },
2171
+ {
2172
+ "type": "semgrep_id",
2173
+ "name": "java_crypto_rule-TLSUnsafeRenegotiation",
2174
+ "value": "java_crypto_rule-TLSUnsafeRenegotiation"
2175
+ },
2176
+ {
2177
+ "type": "semgrep_id",
2178
+ "name": "java_crypto_rule-TelnetRequest",
2179
+ "value": "java_crypto_rule-TelnetRequest"
2180
+ },
2181
+ {
2182
+ "type": "semgrep_id",
2183
+ "name": "java_crypto_rule-UnirestHTTPRequest",
2184
+ "value": "java_crypto_rule-UnirestHTTPRequest"
2185
+ },
2186
+ {
2187
+ "type": "semgrep_id",
2188
+ "name": "java_crypto_rule-UseOfRC2",
2189
+ "value": "java_crypto_rule-UseOfRC2"
2190
+ },
2191
+ {
2192
+ "type": "semgrep_id",
2193
+ "name": "java_crypto_rule-UseOfRC4",
2194
+ "value": "java_crypto_rule-UseOfRC4"
2195
+ },
2196
+ {
2197
+ "type": "semgrep_id",
2198
+ "name": "java_crypto_rule_JwtDecodeWithoutVerify",
2199
+ "value": "java_crypto_rule_JwtDecodeWithoutVerify",
2200
+ "url": "https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/"
2201
+ },
2202
+ {
2203
+ "type": "semgrep_id",
2204
+ "name": "java_crypto_rule_JwtNoneAlgorithm",
2205
+ "value": "java_crypto_rule_JwtNoneAlgorithm",
2206
+ "url": "https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/"
2207
+ },
2208
+ {
2209
+ "type": "semgrep_id",
2210
+ "name": "java_csrf_rule-SpringCSRFDisabled",
2211
+ "value": "java_csrf_rule-SpringCSRFDisabled"
2212
+ },
2213
+ {
2214
+ "type": "semgrep_id",
2215
+ "name": "java_csrf_rule-UnrestrictedRequestMapping",
2216
+ "value": "java_csrf_rule-UnrestrictedRequestMapping",
2217
+ "url": "https://find-sec-bugs.github.io/bugs.htm#SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING"
2218
+ },
2219
+ {
2220
+ "type": "semgrep_id",
2221
+ "name": "java_deserialization_rule-InsecureDeserialization",
2222
+ "value": "java_deserialization_rule-InsecureDeserialization"
2223
+ },
2224
+ {
2225
+ "type": "semgrep_id",
2226
+ "name": "java_deserialization_rule-InsecureJmsDeserialization",
2227
+ "value": "java_deserialization_rule-InsecureJmsDeserialization"
2228
+ },
2229
+ {
2230
+ "type": "semgrep_id",
2231
+ "name": "java_deserialization_rule-JacksonUnsafeDeserialization",
2232
+ "value": "java_deserialization_rule-JacksonUnsafeDeserialization"
2233
+ },
2234
+ {
2235
+ "type": "semgrep_id",
2236
+ "name": "java_deserialization_rule-ServerDangerousObjectDeserialization",
2237
+ "value": "java_deserialization_rule-ServerDangerousObjectDeserialization"
2238
+ },
2239
+ {
2240
+ "type": "semgrep_id",
2241
+ "name": "java_deserialization_rule-SnakeYamlConstructor",
2242
+ "value": "java_deserialization_rule-SnakeYamlConstructor"
2243
+ },
2244
+ {
2245
+ "type": "semgrep_id",
2246
+ "name": "java_endpoint_rule-ManuallyConstructedURLs",
2247
+ "value": "java_endpoint_rule-ManuallyConstructedURLs"
2248
+ },
2249
+ {
2250
+ "type": "semgrep_id",
2251
+ "name": "java_file_rule-FilePathTraversalHttpServlet",
2252
+ "value": "java_file_rule-FilePathTraversalHttpServlet",
2253
+ "url": "https://find-sec-bugs.github.io/bugs.htm#PATH_TRAVERSAL_IN"
2254
+ },
2255
+ {
2256
+ "type": "semgrep_id",
2257
+ "name": "java_ftp_rule-FTPInsecureTransport",
2258
+ "value": "java_ftp_rule-FTPInsecureTransport"
2259
+ },
2260
+ {
2261
+ "type": "semgrep_id",
2262
+ "name": "java_inject_rule-DangerousGroovyShell",
2263
+ "value": "java_inject_rule-DangerousGroovyShell",
2264
+ "url": "https://find-sec-bugs.github.io/bugs.htm#GROOVY_SHELL"
2265
+ },
2266
+ {
2267
+ "type": "semgrep_id",
2268
+ "name": "java_inject_rule-EnvInjection",
2269
+ "value": "java_inject_rule-EnvInjection"
2270
+ },
2271
+ {
2272
+ "type": "semgrep_id",
2273
+ "name": "java_inject_rule-MongodbNoSQLi",
2274
+ "value": "java_inject_rule-MongodbNoSQLi"
2275
+ },
2276
+ {
2277
+ "type": "semgrep_id",
2278
+ "name": "java_inject_rule-SeamLogInjection",
2279
+ "value": "java_inject_rule-SeamLogInjection"
2280
+ },
2281
+ {
2282
+ "type": "semgrep_id",
2283
+ "name": "java_inject_rule-SqlInjection",
2284
+ "value": "java_inject_rule-SqlInjection"
2285
+ },
2286
+ {
2287
+ "type": "semgrep_id",
2288
+ "name": "java_traversal_rule-RelativePathTraversal",
2289
+ "value": "java_traversal_rule-RelativePathTraversal"
2290
+ },
2291
+ {
2292
+ "type": "semgrep_id",
2293
+ "name": "java_xpathi_rule-XpathInjection",
2294
+ "value": "java_xpathi_rule-XpathInjection"
2295
+ },
2296
+ {
2297
+ "type": "semgrep_id",
2298
+ "name": "java_xxe_rule-DisallowDoctypeDeclFalse",
2299
+ "value": "java_xxe_rule-DisallowDoctypeDeclFalse"
2300
+ },
2301
+ {
2302
+ "type": "semgrep_id",
2303
+ "name": "java_xxe_rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing",
2304
+ "value": "java_xxe_rule-DocumentBuilderFactoryDisallowDoctypeDeclMissing"
2305
+ },
2306
+ {
2307
+ "type": "semgrep_id",
2308
+ "name": "java_xxe_rule-ExternalGeneralEntitiesTrue",
2309
+ "value": "java_xxe_rule-ExternalGeneralEntitiesTrue"
2310
+ },
2311
+ {
2312
+ "type": "semgrep_id",
2313
+ "name": "java_xxe_rule-ExternalParameterEntitiesTrue",
2314
+ "value": "java_xxe_rule-ExternalParameterEntitiesTrue"
2315
+ },
2316
+ {
2317
+ "type": "semgrep_id",
2318
+ "name": "java_xxe_rule-SAXParserFactoryDisallowDoctypeDeclMissing",
2319
+ "value": "java_xxe_rule-SAXParserFactoryDisallowDoctypeDeclMissing"
2320
+ },
2321
+ {
2322
+ "type": "semgrep_id",
2323
+ "name": "java_xxe_rule-TransformerfactoryDTDNotDisabled",
2324
+ "value": "java_xxe_rule-TransformerfactoryDTDNotDisabled"
2325
+ },
2326
+ {
2327
+ "type": "semgrep_id",
2328
+ "name": "java_xxe_rule-XMLInputFactoryExternalEntitiesEnabled",
2329
+ "value": "java_xxe_rule-XMLInputFactoryExternalEntitiesEnabled"
2330
+ },
2331
+ {
2332
+ "type": "semgrep_id",
2333
+ "name": "java_xxe_rule-XMLStreamRdr",
2334
+ "value": "java_xxe_rule-XMLStreamRdr"
2335
+ },
2336
+ {
2337
+ "type": "semgrep_id",
2338
+ "name": "javascript_crypto_rule-NodeLibcurlSSLVerificationDisable",
2339
+ "value": "javascript_crypto_rule-NodeLibcurlSSLVerificationDisable"
2340
+ },
2341
+ {
2342
+ "type": "semgrep_id",
2343
+ "name": "javascript_exec_rule-child-process",
2344
+ "value": "javascript_exec_rule-child-process",
2345
+ "url": "https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-child-process.js"
2346
+ },
2347
+ {
2348
+ "type": "semgrep_id",
2349
+ "name": "kotlin_pathtraversal_rule-FilePathTraversal",
2350
+ "value": "kotlin_pathtraversal_rule-FilePathTraversal"
2351
+ },
2352
+ {
2353
+ "type": "semgrep_id",
2354
+ "name": "mobsf.java-webview-rule-ignore_ssl_certificate_errors",
2355
+ "value": "mobsf.java-webview-rule-ignore_ssl_certificate_errors"
2356
+ },
2357
+ {
2358
+ "type": "semgrep_id",
2359
+ "name": "mobsf.java-webview-rule-webview_debugging",
2360
+ "value": "mobsf.java-webview-rule-webview_debugging"
2361
+ },
2362
+ {
2363
+ "type": "semgrep_id",
2364
+ "name": "mobsf.java-webview-rule-webview_external_storage",
2365
+ "value": "mobsf.java-webview-rule-webview_external_storage"
2366
+ },
2367
+ {
2368
+ "type": "semgrep_id",
2369
+ "name": "mobsf.java-webview-rule-webview_set_allow_file_access",
2370
+ "value": "mobsf.java-webview-rule-webview_set_allow_file_access"
2371
+ },
2372
+ {
2373
+ "type": "semgrep_id",
2374
+ "name": "mobsf.kotlin-webview-rule-android_kotlin_webview_debug",
2375
+ "value": "mobsf.kotlin-webview-rule-android_kotlin_webview_debug"
2376
+ },
2377
+ {
2378
+ "type": "semgrep_id",
2379
+ "name": "mobsf.oc-other-rule-ios_self_signed_ssl",
2380
+ "value": "mobsf.oc-other-rule-ios_self_signed_ssl"
2381
+ },
2382
+ {
2383
+ "type": "semgrep_id",
2384
+ "name": "mobsf.oc-other-rule-ios_webview_ignore_ssl",
2385
+ "value": "mobsf.oc-other-rule-ios_webview_ignore_ssl"
2386
+ },
2387
+ {
2388
+ "type": "semgrep_id",
2389
+ "name": "mobsf.swift-other-rule-ios_biometric_acl",
2390
+ "value": "mobsf.swift-other-rule-ios_biometric_acl"
2391
+ },
2392
+ {
2393
+ "type": "semgrep_id",
2394
+ "name": "mobsf.swift-other-rule-ios_dtls1_used",
2395
+ "value": "mobsf.swift-other-rule-ios_dtls1_used"
2396
+ },
2397
+ {
2398
+ "type": "semgrep_id",
2399
+ "name": "mobsf.swift-other-rule-ios_file_no_special",
2400
+ "value": "mobsf.swift-other-rule-ios_file_no_special"
2401
+ },
2402
+ {
2403
+ "type": "semgrep_id",
2404
+ "name": "mobsf.swift-other-rule-ios_keychain_weak_accessibility_value",
2405
+ "value": "mobsf.swift-other-rule-ios_keychain_weak_accessibility_value"
2406
+ },
2407
+ {
2408
+ "type": "semgrep_id",
2409
+ "name": "mobsf.swift-other-rule-ios_tls3_not_used",
2410
+ "value": "mobsf.swift-other-rule-ios_tls3_not_used"
2411
+ },
2412
+ {
2413
+ "type": "semgrep_id",
2414
+ "name": "nodejs_scan.javascript-crypto-rule-node_aes_ecb",
2415
+ "value": "nodejs_scan.javascript-crypto-rule-node_aes_ecb"
2416
+ },
2417
+ {
2418
+ "type": "semgrep_id",
2419
+ "name": "nodejs_scan.javascript-crypto-rule-node_aes_noiv",
2420
+ "value": "nodejs_scan.javascript-crypto-rule-node_aes_noiv"
2421
+ },
2422
+ {
2423
+ "type": "semgrep_id",
2424
+ "name": "nodejs_scan.javascript-crypto-rule-node_insecure_random_generator",
2425
+ "value": "nodejs_scan.javascript-crypto-rule-node_insecure_random_generator"
2426
+ },
2427
+ {
2428
+ "type": "semgrep_id",
2429
+ "name": "nodejs_scan.javascript-crypto-rule-node_md5",
2430
+ "value": "nodejs_scan.javascript-crypto-rule-node_md5"
2431
+ },
2432
+ {
2433
+ "type": "semgrep_id",
2434
+ "name": "nodejs_scan.javascript-crypto-rule-node_sha1",
2435
+ "value": "nodejs_scan.javascript-crypto-rule-node_sha1"
2436
+ },
2437
+ {
2438
+ "type": "semgrep_id",
2439
+ "name": "nodejs_scan.javascript-crypto-rule-node_timing_attack",
2440
+ "value": "nodejs_scan.javascript-crypto-rule-node_timing_attack"
2441
+ },
2442
+ {
2443
+ "type": "semgrep_id",
2444
+ "name": "nodejs_scan.javascript-crypto-rule-node_tls_reject",
2445
+ "value": "nodejs_scan.javascript-crypto-rule-node_tls_reject"
2446
+ },
2447
+ {
2448
+ "type": "semgrep_id",
2449
+ "name": "nodejs_scan.javascript-crypto-rule-node_weak_crypto",
2450
+ "value": "nodejs_scan.javascript-crypto-rule-node_weak_crypto"
2451
+ },
2452
+ {
2453
+ "type": "semgrep_id",
2454
+ "name": "nodejs_scan.javascript-database-rule-node_knex_sqli_injection",
2455
+ "value": "nodejs_scan.javascript-database-rule-node_knex_sqli_injection"
2456
+ },
2457
+ {
2458
+ "type": "semgrep_id",
2459
+ "name": "nodejs_scan.javascript-database-rule-node_nosqli_injection",
2460
+ "value": "nodejs_scan.javascript-database-rule-node_nosqli_injection"
2461
+ },
2462
+ {
2463
+ "type": "semgrep_id",
2464
+ "name": "nodejs_scan.javascript-database-rule-node_nosqli_js_injection",
2465
+ "value": "nodejs_scan.javascript-database-rule-node_nosqli_js_injection"
2466
+ },
2467
+ {
2468
+ "type": "semgrep_id",
2469
+ "name": "nodejs_scan.javascript-database-rule-node_sqli_injection",
2470
+ "value": "nodejs_scan.javascript-database-rule-node_sqli_injection"
2471
+ },
2472
+ {
2473
+ "type": "semgrep_id",
2474
+ "name": "nodejs_scan.javascript-database-rule-sequelize_tls",
2475
+ "value": "nodejs_scan.javascript-database-rule-sequelize_tls"
2476
+ },
2477
+ {
2478
+ "type": "semgrep_id",
2479
+ "name": "nodejs_scan.javascript-database-rule-sequelize_tls_cert_validation",
2480
+ "value": "nodejs_scan.javascript-database-rule-sequelize_tls_cert_validation"
2481
+ },
2482
+ {
2483
+ "type": "semgrep_id",
2484
+ "name": "nodejs_scan.javascript-database-rule-sequelize_weak_tls",
2485
+ "value": "nodejs_scan.javascript-database-rule-sequelize_weak_tls"
2486
+ },
2487
+ {
2488
+ "type": "semgrep_id",
2489
+ "name": "nodejs_scan.javascript-dos-rule-layer7_object_dos",
2490
+ "value": "nodejs_scan.javascript-dos-rule-layer7_object_dos"
2491
+ },
2492
+ {
2493
+ "type": "semgrep_id",
2494
+ "name": "nodejs_scan.javascript-dos-rule-regex_dos",
2495
+ "value": "nodejs_scan.javascript-dos-rule-regex_dos"
2496
+ },
2497
+ {
2498
+ "type": "semgrep_id",
2499
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_allow_http",
2500
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_allow_http"
2501
+ },
2502
+ {
2503
+ "type": "semgrep_id",
2504
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_blink_integration",
2505
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_blink_integration"
2506
+ },
2507
+ {
2508
+ "type": "semgrep_id",
2509
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_context_isolation",
2510
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_context_isolation"
2511
+ },
2512
+ {
2513
+ "type": "semgrep_id",
2514
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_disable_websecurity",
2515
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_disable_websecurity"
2516
+ },
2517
+ {
2518
+ "type": "semgrep_id",
2519
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_experimental_features",
2520
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_experimental_features"
2521
+ },
2522
+ {
2523
+ "type": "semgrep_id",
2524
+ "name": "nodejs_scan.javascript-electronjs-rule-electron_nodejs_integration",
2525
+ "value": "nodejs_scan.javascript-electronjs-rule-electron_nodejs_integration"
2526
+ },
2527
+ {
2528
+ "type": "semgrep_id",
2529
+ "name": "nodejs_scan.javascript-eval-rule-eval_nodejs",
2530
+ "value": "nodejs_scan.javascript-eval-rule-eval_nodejs"
2531
+ },
2532
+ {
2533
+ "type": "semgrep_id",
2534
+ "name": "nodejs_scan.javascript-eval-rule-eval_require",
2535
+ "value": "nodejs_scan.javascript-eval-rule-eval_require"
2536
+ },
2537
+ {
2538
+ "type": "semgrep_id",
2539
+ "name": "nodejs_scan.javascript-eval-rule-grpc_insecure_connection",
2540
+ "value": "nodejs_scan.javascript-eval-rule-grpc_insecure_connection"
2541
+ },
2542
+ {
2543
+ "type": "semgrep_id",
2544
+ "name": "nodejs_scan.javascript-eval-rule-node_deserialize",
2545
+ "value": "nodejs_scan.javascript-eval-rule-node_deserialize"
2546
+ },
2547
+ {
2548
+ "type": "semgrep_id",
2549
+ "name": "nodejs_scan.javascript-eval-rule-sandbox_code_injection",
2550
+ "value": "nodejs_scan.javascript-eval-rule-sandbox_code_injection"
2551
+ },
2552
+ {
2553
+ "type": "semgrep_id",
2554
+ "name": "nodejs_scan.javascript-eval-rule-serializetojs_deserialize",
2555
+ "value": "nodejs_scan.javascript-eval-rule-serializetojs_deserialize"
2556
+ },
2557
+ {
2558
+ "type": "semgrep_id",
2559
+ "name": "nodejs_scan.javascript-eval-rule-server_side_template_injection",
2560
+ "value": "nodejs_scan.javascript-eval-rule-server_side_template_injection"
2561
+ },
2562
+ {
2563
+ "type": "semgrep_id",
2564
+ "name": "nodejs_scan.javascript-eval-rule-vm2_code_injection",
2565
+ "value": "nodejs_scan.javascript-eval-rule-vm2_code_injection"
2566
+ },
2567
+ {
2568
+ "type": "semgrep_id",
2569
+ "name": "nodejs_scan.javascript-eval-rule-vm2_context_injection",
2570
+ "value": "nodejs_scan.javascript-eval-rule-vm2_context_injection"
2571
+ },
2572
+ {
2573
+ "type": "semgrep_id",
2574
+ "name": "nodejs_scan.javascript-eval-rule-vm_code_injection",
2575
+ "value": "nodejs_scan.javascript-eval-rule-vm_code_injection"
2576
+ },
2577
+ {
2578
+ "type": "semgrep_id",
2579
+ "name": "nodejs_scan.javascript-eval-rule-vm_compilefunction_injection",
2580
+ "value": "nodejs_scan.javascript-eval-rule-vm_compilefunction_injection"
2581
+ },
2582
+ {
2583
+ "type": "semgrep_id",
2584
+ "name": "nodejs_scan.javascript-eval-rule-vm_runincontext_injection",
2585
+ "value": "nodejs_scan.javascript-eval-rule-vm_runincontext_injection"
2586
+ },
2587
+ {
2588
+ "type": "semgrep_id",
2589
+ "name": "nodejs_scan.javascript-eval-rule-vm_runinnewcontext_injection",
2590
+ "value": "nodejs_scan.javascript-eval-rule-vm_runinnewcontext_injection"
2591
+ },
2592
+ {
2593
+ "type": "semgrep_id",
2594
+ "name": "nodejs_scan.javascript-eval-rule-yaml_deserialize",
2595
+ "value": "nodejs_scan.javascript-eval-rule-yaml_deserialize"
2596
+ },
2597
+ {
2598
+ "type": "semgrep_id",
2599
+ "name": "nodejs_scan.javascript-exec-rule-shelljs_os_command_exec",
2600
+ "value": "nodejs_scan.javascript-exec-rule-shelljs_os_command_exec"
2601
+ },
2602
+ {
2603
+ "type": "semgrep_id",
2604
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_default",
2605
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_default"
2606
+ },
2607
+ {
2608
+ "type": "semgrep_id",
2609
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_domain",
2610
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_domain"
2611
+ },
2612
+ {
2613
+ "type": "semgrep_id",
2614
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_httponly",
2615
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_httponly"
2616
+ },
2617
+ {
2618
+ "type": "semgrep_id",
2619
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_maxage",
2620
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_maxage"
2621
+ },
2622
+ {
2623
+ "type": "semgrep_id",
2624
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_path",
2625
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_path"
2626
+ },
2627
+ {
2628
+ "type": "semgrep_id",
2629
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_samesite",
2630
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_samesite"
2631
+ },
2632
+ {
2633
+ "type": "semgrep_id",
2634
+ "name": "nodejs_scan.javascript-headers-rule-cookie_session_no_secure",
2635
+ "value": "nodejs_scan.javascript-headers-rule-cookie_session_no_secure"
2636
+ },
2637
+ {
2638
+ "type": "semgrep_id",
2639
+ "name": "nodejs_scan.javascript-headers-rule-express_cors",
2640
+ "value": "nodejs_scan.javascript-headers-rule-express_cors"
2641
+ },
2642
+ {
2643
+ "type": "semgrep_id",
2644
+ "name": "nodejs_scan.javascript-headers-rule-generic_cors",
2645
+ "value": "nodejs_scan.javascript-headers-rule-generic_cors"
2646
+ },
2647
+ {
2648
+ "type": "semgrep_id",
2649
+ "name": "nodejs_scan.javascript-headers-rule-generic_header_injection",
2650
+ "value": "nodejs_scan.javascript-headers-rule-generic_header_injection"
2651
+ },
2652
+ {
2653
+ "type": "semgrep_id",
2654
+ "name": "nodejs_scan.javascript-headers-rule-header_xss_generic",
2655
+ "value": "nodejs_scan.javascript-headers-rule-header_xss_generic"
2656
+ },
2657
+ {
2658
+ "type": "semgrep_id",
2659
+ "name": "nodejs_scan.javascript-headers-rule-header_xss_lusca",
2660
+ "value": "nodejs_scan.javascript-headers-rule-header_xss_lusca"
2661
+ },
2662
+ {
2663
+ "type": "semgrep_id",
2664
+ "name": "nodejs_scan.javascript-headers-rule-helmet_feature_disabled",
2665
+ "value": "nodejs_scan.javascript-headers-rule-helmet_feature_disabled"
2666
+ },
2667
+ {
2668
+ "type": "semgrep_id",
2669
+ "name": "nodejs_scan.javascript-headers-rule-host_header_injection",
2670
+ "value": "nodejs_scan.javascript-headers-rule-host_header_injection"
2671
+ },
2672
+ {
2673
+ "type": "semgrep_id",
2674
+ "name": "nodejs_scan.javascript-jwt-rule-hardcoded_jwt_secret",
2675
+ "value": "nodejs_scan.javascript-jwt-rule-hardcoded_jwt_secret"
2676
+ },
2677
+ {
2678
+ "type": "semgrep_id",
2679
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_exposed_credentials",
2680
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_exposed_credentials"
2681
+ },
2682
+ {
2683
+ "type": "semgrep_id",
2684
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_exposed_data",
2685
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_exposed_data"
2686
+ },
2687
+ {
2688
+ "type": "semgrep_id",
2689
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_express_hardcoded",
2690
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_express_hardcoded"
2691
+ },
2692
+ {
2693
+ "type": "semgrep_id",
2694
+ "name": "nodejs_scan.javascript-jwt-rule-jwt_not_revoked",
2695
+ "value": "nodejs_scan.javascript-jwt-rule-jwt_not_revoked"
2696
+ },
2697
+ {
2698
+ "type": "semgrep_id",
2699
+ "name": "nodejs_scan.javascript-jwt-rule-node_jwt_none_algorithm",
2700
+ "value": "nodejs_scan.javascript-jwt-rule-node_jwt_none_algorithm"
2701
+ },
2702
+ {
2703
+ "type": "semgrep_id",
2704
+ "name": "nodejs_scan.javascript-redirect-rule-express_open_redirect",
2705
+ "value": "nodejs_scan.javascript-redirect-rule-express_open_redirect"
2706
+ },
2707
+ {
2708
+ "type": "semgrep_id",
2709
+ "name": "nodejs_scan.javascript-redirect-rule-express_open_redirect2",
2710
+ "value": "nodejs_scan.javascript-redirect-rule-express_open_redirect2"
2711
+ },
2712
+ {
2713
+ "type": "semgrep_id",
2714
+ "name": "nodejs_scan.javascript-ssrf-rule-node_ssrf",
2715
+ "value": "nodejs_scan.javascript-ssrf-rule-node_ssrf"
2716
+ },
2717
+ {
2718
+ "type": "semgrep_id",
2719
+ "name": "nodejs_scan.javascript-ssrf-rule-phantom_ssrf",
2720
+ "value": "nodejs_scan.javascript-ssrf-rule-phantom_ssrf"
2721
+ },
2722
+ {
2723
+ "type": "semgrep_id",
2724
+ "name": "nodejs_scan.javascript-ssrf-rule-playwright_ssrf",
2725
+ "value": "nodejs_scan.javascript-ssrf-rule-playwright_ssrf"
2726
+ },
2727
+ {
2728
+ "type": "semgrep_id",
2729
+ "name": "nodejs_scan.javascript-ssrf-rule-puppeteer_ssrf",
2730
+ "value": "nodejs_scan.javascript-ssrf-rule-puppeteer_ssrf"
2731
+ },
2732
+ {
2733
+ "type": "semgrep_id",
2734
+ "name": "nodejs_scan.javascript-ssrf-rule-wkhtmltoimage_ssrf",
2735
+ "value": "nodejs_scan.javascript-ssrf-rule-wkhtmltoimage_ssrf"
2736
+ },
2737
+ {
2738
+ "type": "semgrep_id",
2739
+ "name": "nodejs_scan.javascript-ssrf-rule-wkhtmltopdf_ssrf",
2740
+ "value": "nodejs_scan.javascript-ssrf-rule-wkhtmltopdf_ssrf"
2741
+ },
2742
+ {
2743
+ "type": "semgrep_id",
2744
+ "name": "nodejs_scan.javascript-traversal-rule-admzip_path_overwrite",
2745
+ "value": "nodejs_scan.javascript-traversal-rule-admzip_path_overwrite"
2746
+ },
2747
+ {
2748
+ "type": "semgrep_id",
2749
+ "name": "nodejs_scan.javascript-traversal-rule-express_lfr",
2750
+ "value": "nodejs_scan.javascript-traversal-rule-express_lfr"
2751
+ },
2752
+ {
2753
+ "type": "semgrep_id",
2754
+ "name": "nodejs_scan.javascript-traversal-rule-express_lfr_warning",
2755
+ "value": "nodejs_scan.javascript-traversal-rule-express_lfr_warning"
2756
+ },
2757
+ {
2758
+ "type": "semgrep_id",
2759
+ "name": "nodejs_scan.javascript-traversal-rule-generic_path_traversal",
2760
+ "value": "nodejs_scan.javascript-traversal-rule-generic_path_traversal"
2761
+ },
2762
+ {
2763
+ "type": "semgrep_id",
2764
+ "name": "nodejs_scan.javascript-traversal-rule-join_resolve_path_traversal",
2765
+ "value": "nodejs_scan.javascript-traversal-rule-join_resolve_path_traversal"
2766
+ },
2767
+ {
2768
+ "type": "semgrep_id",
2769
+ "name": "nodejs_scan.javascript-traversal-rule-tar_path_overwrite",
2770
+ "value": "nodejs_scan.javascript-traversal-rule-tar_path_overwrite"
2771
+ },
2772
+ {
2773
+ "type": "semgrep_id",
2774
+ "name": "nodejs_scan.javascript-traversal-rule-zip_path_overwrite",
2775
+ "value": "nodejs_scan.javascript-traversal-rule-zip_path_overwrite"
2776
+ },
2777
+ {
2778
+ "type": "semgrep_id",
2779
+ "name": "nodejs_scan.javascript-xml-rule-node_entity_expansion",
2780
+ "value": "nodejs_scan.javascript-xml-rule-node_entity_expansion"
2781
+ },
2782
+ {
2783
+ "type": "semgrep_id",
2784
+ "name": "nodejs_scan.javascript-xml-rule-node_xpath_injection",
2785
+ "value": "nodejs_scan.javascript-xml-rule-node_xpath_injection"
2786
+ },
2787
+ {
2788
+ "type": "semgrep_id",
2789
+ "name": "nodejs_scan.javascript-xml-rule-node_xxe",
2790
+ "value": "nodejs_scan.javascript-xml-rule-node_xxe"
2791
+ },
2792
+ {
2793
+ "type": "semgrep_id",
2794
+ "name": "nodejs_scan.javascript-xml-rule-xxe_expat",
2795
+ "value": "nodejs_scan.javascript-xml-rule-xxe_expat"
2796
+ },
2797
+ {
2798
+ "type": "semgrep_id",
2799
+ "name": "nodejs_scan.javascript-xss-rule-express_xss",
2800
+ "value": "nodejs_scan.javascript-xss-rule-express_xss"
2801
+ },
2802
+ {
2803
+ "type": "semgrep_id",
2804
+ "name": "nodejs_scan.javascript-xss-rule-handlebars_noescape",
2805
+ "value": "nodejs_scan.javascript-xss-rule-handlebars_noescape"
2806
+ },
2807
+ {
2808
+ "type": "semgrep_id",
2809
+ "name": "nodejs_scan.javascript-xss-rule-handlebars_safestring",
2810
+ "value": "nodejs_scan.javascript-xss-rule-handlebars_safestring"
2811
+ },
2812
+ {
2813
+ "type": "semgrep_id",
2814
+ "name": "nodejs_scan.javascript-xss-rule-squirrelly_autoescape",
2815
+ "value": "nodejs_scan.javascript-xss-rule-squirrelly_autoescape"
2816
+ },
2817
+ {
2818
+ "type": "semgrep_id",
2819
+ "name": "nodejs_scan.javascript-xss-rule-xss_disable_mustache_escape",
2820
+ "value": "nodejs_scan.javascript-xss-rule-xss_disable_mustache_escape"
2821
+ },
2822
+ {
2823
+ "type": "semgrep_id",
2824
+ "name": "nodejs_scan.javascript-xss-rule-xss_serialize_javascript",
2825
+ "value": "nodejs_scan.javascript-xss-rule-xss_serialize_javascript"
2826
+ },
2827
+ {
2828
+ "type": "semgrep_id",
2829
+ "name": "PHPCS_SecurityAudit.BadFunctions.Asserts.WarnFunctionHandling",
2830
+ "value": "PHPCS_SecurityAudit.BadFunctions.Asserts.WarnFunctionHandling"
2831
+ },
2832
+ {
2833
+ "type": "semgrep_id",
2834
+ "name": "PHPCS_SecurityAudit.BadFunctions.Backticks.WarnSystemExec",
2835
+ "value": "PHPCS_SecurityAudit.BadFunctions.Backticks.WarnSystemExec"
2836
+ },
2837
+ {
2838
+ "type": "semgrep_id",
2839
+ "name": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc",
2840
+ "value": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc"
2841
+ },
2842
+ {
2843
+ "type": "semgrep_id",
2844
+ "name": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc",
2845
+ "value": "PHPCS_SecurityAudit.BadFunctions.CryptoFunctions.WarnCryptoFunc"
2846
+ },
2847
+ {
2848
+ "type": "semgrep_id",
2849
+ "name": "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem",
2850
+ "value": "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem"
2851
+ },
2852
+ {
2853
+ "type": "semgrep_id",
2854
+ "name": "PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff",
2855
+ "value": "PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff"
2856
+ },
2857
+ {
2858
+ "type": "semgrep_id",
2859
+ "name": "PHPCS_SecurityAudit.BadFunctions.NoEvals.NoEvals",
2860
+ "value": "PHPCS_SecurityAudit.BadFunctions.NoEvals.NoEvals"
2861
+ },
2862
+ {
2863
+ "type": "semgrep_id",
2864
+ "name": "PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo",
2865
+ "value": "PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo"
2866
+ },
2867
+ {
2868
+ "type": "semgrep_id",
2869
+ "name": "PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec",
2870
+ "value": "PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec"
2871
+ },
2872
+ {
2873
+ "type": "semgrep_id",
2874
+ "name": "properties_spring_rule-SpringActuatorFullyEnabled",
2875
+ "value": "properties_spring_rule-SpringActuatorFullyEnabled"
2876
+ },
2877
+ {
2878
+ "type": "semgrep_id",
2879
+ "name": "python_crypto_rule-HTTPConnectionPool",
2880
+ "value": "python_crypto_rule-HTTPConnectionPool"
2881
+ },
2882
+ {
2883
+ "type": "semgrep_id",
2884
+ "name": "python_exec_rule-start-process-partial-path",
2885
+ "value": "python_exec_rule-start-process-partial-path"
2886
+ },
2887
+ {
2888
+ "type": "semgrep_id",
2889
+ "name": "python_exec_rule-start-process-path",
2890
+ "value": "python_exec_rule-start-process-path"
2891
+ },
2892
+ {
2893
+ "type": "semgrep_id",
2894
+ "name": "python_exec_rule-subprocess-call-array",
2895
+ "value": "python_exec_rule-subprocess-call-array"
2896
+ },
2897
+ {
2898
+ "type": "semgrep_id",
2899
+ "name": "python_flask_rule-flask-open-redirect",
2900
+ "value": "python_flask_rule-flask-open-redirect"
2901
+ },
2902
+ {
2903
+ "type": "semgrep_id",
2904
+ "name": "python_flask_rule-flask-tainted-sql-string",
2905
+ "value": "python_flask_rule-flask-tainted-sql-string"
2906
+ },
2907
+ {
2908
+ "type": "semgrep_id",
2909
+ "name": "python_flask_rule-path-traversal-open",
2910
+ "value": "python_flask_rule-path-traversal-open"
2911
+ },
2912
+ {
2913
+ "type": "semgrep_id",
2914
+ "name": "python_jwt_rule-jwt-none-alg",
2915
+ "value": "python_jwt_rule-jwt-none-alg",
2916
+ "url": "https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/"
2917
+ },
2918
+ {
2919
+ "type": "semgrep_id",
2920
+ "name": "python_pyramid_rule-pyramid-csrf-origin-check",
2921
+ "value": "python_pyramid_rule-pyramid-csrf-origin-check"
2922
+ },
2923
+ {
2924
+ "type": "semgrep_id",
2925
+ "name": "scala_unsafe_rule-InformationExposureVariant2",
2926
+ "value": "scala_unsafe_rule-InformationExposureVariant2"
2927
+ },
2928
+ {
2929
+ "type": "semgrep_id",
2930
+ "name": "security_code_scan.SCS0001-1",
2931
+ "value": "security_code_scan.SCS0001-1"
2932
+ },
2933
+ {
2934
+ "type": "semgrep_id",
2935
+ "name": "security_code_scan.SCS0002-1",
2936
+ "value": "security_code_scan.SCS0002-1"
2937
+ },
2938
+ {
2939
+ "type": "semgrep_id",
2940
+ "name": "security_code_scan.SCS0003-1",
2941
+ "value": "security_code_scan.SCS0003-1"
2942
+ },
2943
+ {
2944
+ "type": "semgrep_id",
2945
+ "name": "security_code_scan.SCS0004-1",
2946
+ "value": "security_code_scan.SCS0004-1"
2947
+ },
2948
+ {
2949
+ "type": "semgrep_id",
2950
+ "name": "security_code_scan.SCS0005-1",
2951
+ "value": "security_code_scan.SCS0005-1"
2952
+ },
2953
+ {
2954
+ "type": "semgrep_id",
2955
+ "name": "security_code_scan.SCS0006-1",
2956
+ "value": "security_code_scan.SCS0006-1"
2957
+ },
2958
+ {
2959
+ "type": "semgrep_id",
2960
+ "name": "security_code_scan.SCS0008-1",
2961
+ "value": "security_code_scan.SCS0008-1"
2962
+ },
2963
+ {
2964
+ "type": "semgrep_id",
2965
+ "name": "security_code_scan.SCS0009-1",
2966
+ "value": "security_code_scan.SCS0009-1"
2967
+ },
2968
+ {
2969
+ "type": "semgrep_id",
2970
+ "name": "security_code_scan.SCS0010-1",
2971
+ "value": "security_code_scan.SCS0010-1"
2972
+ },
2973
+ {
2974
+ "type": "semgrep_id",
2975
+ "name": "security_code_scan.SCS0011-1",
2976
+ "value": "security_code_scan.SCS0011-1"
2977
+ },
2978
+ {
2979
+ "type": "semgrep_id",
2980
+ "name": "security_code_scan.SCS0013-1",
2981
+ "value": "security_code_scan.SCS0013-1"
2982
+ },
2983
+ {
2984
+ "type": "semgrep_id",
2985
+ "name": "security_code_scan.SCS0016-1",
2986
+ "value": "security_code_scan.SCS0016-1"
2987
+ },
2988
+ {
2989
+ "type": "semgrep_id",
2990
+ "name": "security_code_scan.SCS0017-1",
2991
+ "value": "security_code_scan.SCS0017-1"
2992
+ },
2993
+ {
2994
+ "type": "semgrep_id",
2995
+ "name": "security_code_scan.SCS0018-1",
2996
+ "value": "security_code_scan.SCS0018-1"
2997
+ },
2998
+ {
2999
+ "type": "semgrep_id",
3000
+ "name": "security_code_scan.SCS0026-1.SCS0031-1",
3001
+ "value": "security_code_scan.SCS0026-1.SCS0031-1"
3002
+ },
3003
+ {
3004
+ "type": "semgrep_id",
3005
+ "name": "security_code_scan.SCS0027-1",
3006
+ "value": "security_code_scan.SCS0027-1"
3007
+ },
3008
+ {
3009
+ "type": "semgrep_id",
3010
+ "name": "security_code_scan.SCS0028-1",
3011
+ "value": "security_code_scan.SCS0028-1"
3012
+ },
3013
+ {
3014
+ "type": "semgrep_id",
3015
+ "name": "security_code_scan.SCS0029-1",
3016
+ "value": "security_code_scan.SCS0029-1"
3017
+ },
3018
+ {
3019
+ "type": "semgrep_id",
3020
+ "name": "security_code_scan.SCS0029-2",
3021
+ "value": "security_code_scan.SCS0029-2"
3022
+ },
3023
+ {
3024
+ "type": "semgrep_id",
3025
+ "name": "security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1",
3026
+ "value": "security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1"
3027
+ },
3028
+ {
3029
+ "type": "semgrep_id",
3030
+ "name": "security_code_scan.SCS0035-1",
3031
+ "value": "security_code_scan.SCS0035-1"
3032
+ },
3033
+ {
3034
+ "type": "semgrep_id",
3035
+ "name": "security_code_scan.SCS0035-2",
3036
+ "value": "security_code_scan.SCS0035-2"
3037
+ },
3038
+ {
3039
+ "type": "semgrep_id",
3040
+ "name": "yaml_spring_rule-SpringActuatorFullyEnabled",
3041
+ "value": "yaml_spring_rule-SpringActuatorFullyEnabled"
3042
+ }
3043
+ ],
3044
+ "type": "sast",
3045
+ "start_time": "2025-07-22T14:07:09",
3046
+ "end_time": "2025-07-22T14:07:23",
3047
+ "status": "success",
3048
+ "observability": {
3049
+ "events": [
3050
+ {
3051
+ "event": "collect_sast_scan_metrics_from_pipeline",
3052
+ "property": "207235c3-ee47-451a-9bc3-3872e515e195",
3053
+ "label": "semgrep",
3054
+ "value": 0,
3055
+ "version": "6.5.0",
3056
+ "exit_code": 0,
3057
+ "override_count": 0,
3058
+ "passthrough_count": 0,
3059
+ "custom_exclude_path_count": 0,
3060
+ "time_s": 13,
3061
+ "file_count": 321
3062
+ }
3063
+ ]
3064
+ }
3065
+ }
3066
+ }